GHSA-5xrj-ghhp-hx7p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5xrj-ghhp-hx7p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5xrj-ghhp-hx7p/GHSA-5xrj-ghhp-hx7p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5xrj-ghhp-hx7p
- Aliases
- Published
- 2022-05-17T03:43:30Z
- Modified
- 2023-11-08T03:58:06.241283Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- OpenStack Image Service (Glance) vulnerable to Improper Access Control
- Details
-
OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when showmultiplelocations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.
- Database specific
{ "nvd_published_at": "2016-04-13T17:59:00Z", "cwe_ids": [ "CWE-284" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-02-08T18:11:54Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-0757
- https://access.redhat.com/errata/RHSA-2016:0309
- https://access.redhat.com/errata/RHSA-2016:0352
- https://access.redhat.com/errata/RHSA-2016:0354
- https://access.redhat.com/errata/RHSA-2016:0358
- https://access.redhat.com/security/cve/CVE-2016-0757
- https://bugzilla.redhat.com/show_bug.cgi?id=1302607
- https://opendev.org/openstack/glance
- https://rhn.redhat.com/errata/RHSA-2016-0309.html
- https://security.openstack.org/ossa/OSSA-2016-006.html
- https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696
Affected packages
PyPI / glance
Package
- Name
- glance
- View open source insights on deps.dev
- Purl
- pkg:pypi/glance