CVE-2015-7713

{"id": "CVE-2015-7713", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-10-29T20:59:09.807", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2015-2684.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/76960", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2015:2673", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugs.launchpad.net/nova/+bug/1491307", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugs.launchpad.net/nova/+bug/1492961", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.openstack.org/ossa/OSSA-2015-021.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-254"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made."}, {"lang": "es", "value": "OpenStack Compute (Nova) en versiones anteriores a 2014.2.4 (juno) y 2015.1.x en versiones anteriores a 2015.1.2 (kilo) no aplica correctamente los cambios de grupos de seguridad, lo que permite a atacantes remotos eludir las restricciones previstas mediante el aprovechamiento de una instancia que se estaba ejecutando cuando se hizo el cambio."}], "lastModified": "2023-02-13T00:55:05.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E483493-8EAA-4772-85E6-8F05C8F0C9F4", "versionEndExcluding": "2014.2.4", "versionStartIncluding": "2014.2"}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F2937D9-1DB2-4C70-B5AA-E9E847090F6E", "versionEndExcluding": "2015.1.2", "versionStartIncluding": "2015.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}