CVE-2015-2687
OpenStack Compute (Nova) Improper Access Control
4.7
MEDIUM
CVSS 3.1
EPSS 0.05%
Description
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
How to fix CVE-2015-2687
To remediate CVE-2015-2687, upgrade the affected package to a fixed version below.
- Debian/nova—upgrade to 2014.1-1 or later
- —upgrade to 15.0.0.0b1 or later
- —upgrade to 15.0.0.0b1 or later
Is CVE-2015-2687 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2014.1-1
- from 0, < 15.0.0.0b1
- from 0, < 15.0.0.0b1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM4.7 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |