CVE-2015-7713

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

Affected Software

Name	Vendor	Start Version	End Version
Nova	Openstack	2014.2 (including)	2014.2.4 (excluding)
Nova	Openstack	2015.1.0 (including)	2015.1.2 (excluding)
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6	RedHat	openstack-nova-0:2014.1.5-16.el6ost	*
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7	RedHat	openstack-nova-0:2014.1.5-9.el7ost	*
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7	RedHat	openstack-nova-0:2014.2.3-42.el7ost	*
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	RedHat	openstack-nova-0:2015.1.2-7.el7ost	*
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	RedHat	python-novaclient-1:2.23.0-2.el7ost	*
Nova	Ubuntu	precise	*
Nova	Ubuntu	trusty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-7713
CWE	https://cwe.mitre.org/data/definitions/254.html

Affected Software

References