Description
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
References (6)
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1723.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75372
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1898.html
Third Party Advisory x_refsource_confirm
https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml
Vendor Advisory x_refsource_confirm
https://security.openstack.org/ossa/OSSA-2015-015.html
Third Party Advisory x_refsource_confirm
https://launchpad.net/bugs/1387543
Scores
EPSS
0.0197
EPSS Percentile
83.8%
Details
CWE
CWE-399
Status
published
Products (2)
openstack/nova
2014.2 - 2014.2.3
pypi/nova
0 - 112.0.0.0b3 (PyPI)
Published
Sep 08, 2015
Tracked Since
Feb 18, 2026