製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenStack Compute におけるアクセス制御に関する脆弱性

Title	OpenStack Compute におけるアクセス制御に関する脆弱性
Summary	OpenStack Compute (nova) には、アクセス制御に関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 2, 2015, midnight
Registration Date	Sept. 13, 2017, 5:34 p.m.
Last Update	Sept. 13, 2017, 5:34 p.m.

Affected System

OpenStack

OpenStack Compute 2013.2 (Havana)

OpenStack Compute 2014.1 (Icehouse)

OpenStack Compute 2014.2 (Juno)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-2687	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2687
National Vulnerability Database (NVD)
2	CVE-2015-2687	https://nvd.nist.gov/vuln/detail/CVE-2015-2687

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-284	https://cwe.mitre.org/data/definitions/284.html

ベンダー情報

No	Name	URL
Code Review
1	Change If28f8607: Compute: Reset bdm connection_info during LM rollback	https://review.openstack.org/#/c/338929/
Launchpad
2	Bug #1419577	https://bugs.launchpad.net/nova/+bug/1419577
Red Hat Bugzilla
3	Bug 1205313	https://bugzilla.redhat.com/show_bug.cgi?id=1205313

Change Log

No	Changed Details	Date of change
0	[2017年09月13日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2015-2687

Summary	OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
Publication Date	Aug. 10, 2017, 3:29 a.m.
Registration Date	Jan. 26, 2021, 2:48 p.m.
Last Update	Nov. 21, 2024, 11:27 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2015/03/24/10	Mailing List Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2015/03/24/10	Mailing List Third Party Advisory
3	http://www.openwall.com/lists/oss-security/2015/03/25/3	Mailing List Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2015/03/25/3	Mailing List Third Party Advisory
5	http://www.securityfocus.com/bid/77505	Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/77505	Third Party Advisory VDB Entry
7	https://bugs.launchpad.net/nova/+bug/1419577	Issue Tracking Third Party Advisory VDB Entry
8	https://bugs.launchpad.net/nova/+bug/1419577	Issue Tracking Third Party Advisory VDB Entry
9	https://bugzilla.redhat.com/show_bug.cgi?id=1205313	Issue Tracking Third Party Advisory VDB Entry
10	https://bugzilla.redhat.com/show_bug.cgi?id=1205313	Issue Tracking Third Party Advisory VDB Entry
11	https://review.openstack.org/#/c/338929/	Third Party Advisory
12	https://review.openstack.org/#/c/338929/	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-284	不適切なアクセス制御	https://cwe.mitre.org/data/definitions/284.html