Launchpad CVE tracker

CVE 2015-7713

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

Related bugs and status

CVE-2015-7713 (Candidate) is related to these bugs:

Bug #1533285: [OSSA 2015-021] secgroup rules doesn't work for instance immediately (CVE-2015-7713)

		In	Importance	Status
1533285	[OSSA 2015-021] secgroup rules doesn't work for instance immediately (CVE-2015-7713)	Mirantis OpenStack	High	Invalid
1533285	[OSSA 2015-021] secgroup rules doesn't work for instance immediately (CVE-2015-7713)	Mirantis OpenStack 7.0.x	High	Fix Released
1533285	[OSSA 2015-021] secgroup rules doesn't work for instance immediately (CVE-2015-7713)	Mirantis OpenStack 6.0.x	High	Invalid
1533285	[OSSA 2015-021] secgroup rules doesn't work for instance immediately (CVE-2015-7713)	Mirantis OpenStack 6.1.x	High	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-7713

References