← Back

CVE-2016-0757

nvd nist
Published: Apr 13, 2016Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.

Affected (3)

Openstack
1 product
Image Registry And Delivery Service (glance)
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Openstack
Image Registry And Delivery Service (glance)
Version 11.0.0
Image Registry And Delivery Service (glance)
Version 11.0.1
Image Registry And Delivery Service (glance)
Version 2015.1.2

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.