CVE-2016-4383

Published: 27/06/2017 Updated: 06/07/2017
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 8.4 | Impact Score: 6 | Exploitability Score: 1.7
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

Vulnerable Product

hp helion openstack glance -

Vendor Advisories

Debian Bug report logs - #868185 CVE-2016-4383 Package: src:glance; Maintainer for src:glance is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Wed, 12 Jul 2017 21:57:05 UTC; Severity: important; Tags: security, upstream; Done: Thomas Goirand <zigo@debia ...
An immutability flaw was discovered in openstack-glance, where the glance-manage DB allows deleted image IDs to be reassigned. The flaw could be exploited to allow remote authenticated users to cause other users to boot into a malicious image without knowing it ...