Home > Vulnerability Database > CVE-2015-2687

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2015-2687

Date: August 9, 2017

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

Severity Score

4.7

Related Resources (12)

Url: http://www.openwall.com/lists/oss-security/2015/03/24/10

Url: https://bugs.launchpad.net/nova/+bug/1419577

Url: https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1205313

Url: http://www.openwall.com/lists/oss-security/2015/03/25/3

Url: https://github.com/openstack/nova

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-2687

Url: http://www.securityfocus.com/bid/77505

Url: https://review.openstack.org/#/c/338929/

Url: https://review.openstack.org/#/c/338929

Url: https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c

Url: https://www.mend.io/vulnerability-database/CVE-2015-2687

Severity Score

4.7

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	4.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	1.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us