CVE-2015-2687: OpenStack Compute (Nova) Improper Access Control

May 17, 2022 (updated May 14, 2024)

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

References

bugs.launchpad.net/nova/+bug/1419577
bugzilla.redhat.com/show_bug.cgi?id=1205313
github.com/advisories/GHSA-97fv-22hc-mrgj
github.com/openstack/nova
github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c
nvd.nist.gov/vuln/detail/CVE-2015-2687
review.openstack.org/

Detect and mitigate CVE-2015-2687 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →