CVE-2015-0237
vdsm: Users attempting a live storage migration create snapshot without snapshot creation permissions
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.
Red Hat Enterprise Virtualization (RHEV) Manager anterior a 3.5.1 ignora el permiso para denegar la creación de instantáneas durante la migración del almacenaje en vivo entre dominios, lo que permite a usuarios remotos autenticados causar una denegación de servicio (impedir el inicio del anfitrión) mediante la creación de una cadena larga de instantáneas.
It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-11-18 CVE Reserved
- 2015-04-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securitytracker.com/id/1032231 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2015-0888.html | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2015-0237 | 2015-04-28 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1184716 | 2015-04-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Enterprise Virtualization Manager Search vendor "Redhat" for product "Enterprise Virtualization Manager" | <= 3.5.0 Search vendor "Redhat" for product "Enterprise Virtualization Manager" and version " <= 3.5.0" | - |
Affected
|