{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-01T00:00:00", "descriptions": [{"lang": "en", "value": "OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:1898", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/bugs/1392527"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"name": "76553", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76553"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2015-017.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:32.083Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:1898", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/bugs/1392527"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"name": "76553", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76553"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.openstack.org/ossa/OSSA-2015-017.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3280", "datePublished": "2015-10-26T17:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.083Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E483493-8EAA-4772-85E6-8F05C8F0C9F4", "versionEndExcluding": "2014.2.4", "versionStartIncluding": "2014.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F2937D9-1DB2-4C70-B5AA-E9E847090F6E", "versionEndExcluding": "2015.1.2", "versionStartIncluding": "2015.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state."}, {"lang": "es", "value": "OpenStack Compute (nova) en versiones anteriores a 2014.2.4 (juno) y 2015.1.x en versiones anteriores a 2015.1.2 (kilo) no elimina adecuadamente casos desde los nodos de c\u00f3mputo, lo que permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo del disco) borrando instancias cuando entra en el estado de cambio de tama\u00f1o."}], "id": "CVE-2015-3280", "lastModified": "2023-02-13T00:49:24.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-10-26T17:59:03.747", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/76553"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://launchpad.net/bugs/1392527"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2015-017.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank OpenStack upstream project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2015:1898", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "openstack-nova-0:2014.1.5-3.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2015-10-15T00:00:00Z"}, {"advisory": "RHSA-2015:1898", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "openstack-nova-0:2014.1.5-5.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2015-10-15T00:00:00Z"}, {"advisory": "RHSA-2015:1898", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "openstack-nova-0:2014.2.3-31.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-10-15T00:00:00Z"}, {"advisory": "RHSA-2015:1898", "cpe": "cpe:/a:redhat:openstack:7::el7", "package": "openstack-nova-0:2015.1.1-3.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", "release_date": "2015-10-15T00:00:00Z"}], "bugzilla": {"description": "openstack-nova: Deleting instances in resize state fails", "id": "1257942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257942"}, "csaw": false, "cvss": {"cvss_base_score": "3.5", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-772", "details": ["OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.", "A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service."], "name": "CVE-2015-3280", "public_date": "2015-09-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3280\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3280"], "threat_severity": "Moderate"}