CVE-2016-8520

Source
https://cve.org/CVERecord?id=CVE-2016-8520
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8520.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-8520
Published
2018-02-15T22:29:00.873Z
Modified
2026-04-10T03:53:46.416264Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data.

References

Affected packages

Git / github.com/eucalyptus/eucalyptus

Affected ranges

Type
GIT
Repo
https://github.com/eucalyptus/eucalyptus
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.0"
        }
    ]
}

Affected versions

1.*
1.4
1.5.0
1.5.1
1.5.2
1.6.1
2.*
2.0-branch
2.0.0
2.0.1
3.*
3.0-beta2
3.0-beta3
3.0-beta4
3.0-beta5
3.0-beta6
3.0-rc1
3.0-rc2
3.0-rc3
3.0.0
3.0.1
3.1-alpha2
3.1.0
3.3-m6
3.4.0
Other
jaunty
karmic
v4.*
v4.0.0
v4.1.0
v4.2.0
v4.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8520.json"