Vulnerability Name: CVE-2015-2687 (CCN-101839)
Assigned: 2015-03-24
Published: 2015-03-24
Updated: 2017-08-24
Summary: OpenStack Compute (nova) Icehouse, Juno and Havana, when live migration fails, allows local users to access VM volumes that they would normally not have permissions for.

CVSS v3 Severity:
4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Local
    Attack Complexity (AC): High
    Privileges Required (PR): Low
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): None
    Availability (A): None
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None

CVSS v2 Severity:
1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)
1.4 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None

Vulnerability Type: CWE-284
Vulnerability Consequences: Obtain Information

References:
Source: MITRE
Type: CNA
CVE-2015-2687

Source: CCN
Type: oss-security Mailing List, Tue, 24 Mar 2015 15:10:38 +1100
CVE request for OpenStack Compute (nova)

Source: CCN
Type: oss-security Mailing List, Tue, 24 Mar 2015 03:36:10 -0400 (EDT)
Re: CVE request for OpenStack Compute (nova)

Source: CCN
Type: IBM Security Bulletin T1022691
Openstack Nova vulnerability affects IBM Cloud Manager with OpenStack (CVE-2015-2687)

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20150324 Re: CVE request for OpenStack Compute (nova)

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20150325 Re: CVE request for OpenStack Compute (nova)

Source: BID
Type: Third Party Advisory, VDB Entry
77505

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory, VDB Entry
https://bugs.launchpad.net/nova/+bug/1419577

Source: CCN
Type: Red Hat Bugzilla Bug 1205313
(CVE-2015-2687) CVE-2015-2687 openstack-nova: information leak when live-migration failed

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1205313

Source: XF
Type: UNKNOWN
openstack-nova-cve20152687-info-disc(101839)

Source: CONFIRM
Type: Third Party Advisory
https://review.openstack.org/#/c/338929/

Vulnerable Configuration:
Configuration 1:
  cpe:/a:openstack:compute:2013.2:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2013.2.1:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2013.2.2:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2013.2.3:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2013.2.4:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2014.1:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2014.1.1:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2014.1.2:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2014.1.3:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2014.1.4:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2014.1.5:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2014.2:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2014.2.1:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2014.2.2:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2014.2.3:*:*:*:*:*:*:* OR
  cpe:/a:openstack:compute:2014.2.4:*:*:*:*:*:*:*
Configuration CCN 1:
  cpe:/a:openstack:nova:2013.2.3:*:*:*:*:*:*:*

openstack compute 2013.2
openstack compute 2013.2.1
openstack compute 2013.2.2
openstack compute 2013.2.3
openstack compute 2013.2.4
openstack compute 2014.1
openstack compute 2014.1.1
openstack compute 2014.1.2
openstack compute 2014.1.3
openstack compute 2014.1.4
openstack compute 2014.1.5
openstack compute 2014.2
openstack compute 2014.2.1
openstack compute 2014.2.2
openstack compute 2014.2.3
openstack compute 2014.2.4
openstack nova 2013.2.3