{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-01T15:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:1723", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1723.html"}, {"name": "75372", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75372"}, {"name": "RHSA-2015:1898", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2015-015.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/bugs/1387543"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:32.092Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:1723", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1723.html"}, {"name": "75372", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75372"}, {"name": "RHSA-2015:1898", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.openstack.org/ossa/OSSA-2015-015.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/bugs/1387543"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3241", "datePublished": "2015-09-08T15:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.092Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FD6C19A-8301-4301-814A-62600672BE42", "versionEndIncluding": "2014.2.3", "versionStartIncluding": "2014.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "67984FCE-EC2A-4176-9D6F-69518BA8C060", "versionEndIncluding": "2015.1.1", "versionStartIncluding": "2015.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance."}, {"lang": "es", "value": "Vulnerabilidad en OpenStack Compute (nova) 2015.1 hasta la versi\u00f3n 2015.1.1, 2014.2.3 y anteriores, no detiene el proceso de migraci\u00f3n cuando se borra la instancia, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (disco, red y otros consumos de memoria) modificando el tama\u00f1o y borr\u00e1ndo entonces la instancia."}], "id": "CVE-2015-3241", "lastModified": "2023-02-13T00:48:48.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-08T15:59:01.407", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1723.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/75372"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://launchpad.net/bugs/1387543"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2015-015.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank OpenStack project for reporting this issue. Upstream acknowledges George Shuklin (Webzilla LTD) as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:1898", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "openstack-nova-0:2014.1.5-3.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2015-10-15T00:00:00Z"}, {"advisory": "RHSA-2015:1898", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "openstack-nova-0:2014.1.5-5.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2015-10-15T00:00:00Z"}, {"advisory": "RHSA-2015:1898", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "openstack-nova-0:2014.2.3-31.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-10-15T00:00:00Z"}, {"advisory": "RHSA-2015:1723", "cpe": "cpe:/a:redhat:openstack:7::el7", "package": "openstack-nova-0:2015.1.0-18.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", "release_date": "2015-09-03T00:00:00Z"}, {"advisory": "RHSA-2015:1898", "cpe": "cpe:/a:redhat:openstack:7::el7", "package": "openstack-nova-0:2015.1.1-3.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", "release_date": "2015-10-15T00:00:00Z"}], "bugzilla": {"description": "openstack-nova: Nova instance migration process does not stop when instance is deleted", "id": "1232782", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232782"}, "csaw": false, "cvss": {"cvss_base_score": "2.7", "cvss_scoring_vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-400", "details": ["OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.", "A denial of service flaw was found in the OpenStack Compute (nova) instance migration process. Because the migration process does not terminate when an instance is deleted, an authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an instance."], "name": "CVE-2015-3241", "public_date": "2015-06-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3241\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3241"], "threat_severity": "Moderate"}