OpenStack Nova instance migration process does not stop when instance is deleted

CVE-2015-3241 → View on GitHub ↗ View on CVE.org ↗ View on NVD ↗

Description

OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.

Basic information

Type: reviewed
Severity: medium
Advisory on GitHub: Open advisory ↗
Repository advisory: —
Source code: Browse source ↗
Published (advisory): 2022-05-14 01:58:45 UTC
Updated: 2024-05-14 20:53:51 UTC
GitHub reviewed: 2024-05-14 20:53:49 UTC
NVD published: 2015-09-08

EPSS Score

Score	Percentile
1.97%	83.52%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

Type	Value
GHSA	GHSA-3vx7-xff6-h2vx ↗
CVE	CVE-2015-3241 ↗

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem	Package	Vulnerable range	First patched	Vulnerable functions
pip	nova	< 12.0.0.0b3	112.0.0.0b3	—

References

cvelogic Threat Intelligence