CVE-2016-4383

Published: Jun 27, 2017Modified: May 13, 2026

8.4

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.7 / Impact: 6.0

Source: NVD

Description

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

Affected (1)

Products: Hp: Helion Openstack Glance

1 product

Helion Openstack Glance

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hp Helion Openstack Glance	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

http://www.securityfocus.com/bid/93106

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.launchpad.net/glance/+bug/1593799/

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryVDB Entry

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05273584

Source: cve@mitre.org

MitigationVendor Advisory

https://wiki.openstack.org/wiki/OSSN/OSSN-0075

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

http://www.securityfocus.com/bid/93106

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.launchpad.net/glance/+bug/1593799/

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party AdvisoryVDB Entry

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05273584

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://wiki.openstack.org/wiki/OSSN/OSSN-0075

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

Timeline

No history available yet.