Description
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76960
Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/nova/+bug/1491307
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2015:2673
Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/nova/+bug/1492961
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2684.html
Vendor Advisory x_refsource_confirm
https://security.openstack.org/ossa/OSSA-2015-021.html
Scores
EPSS
0.0152
EPSS Percentile
81.5%
Details
CWE
CWE-254
Status
published
Products (2)
openstack/nova
2014.2 - 2014.2.4
pypi/nova
0 - 2014.2.4PyPI
Published
Oct 29, 2015
Tracked Since
Feb 18, 2026