openstack-cyborg@14.0.0.0rc1

Distributed Acceleration Management as a Service

  • latest version

    16.0.1

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    1 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the openstack-cyborg package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Improper Ownership Management

    openstack-cyborg is a Distributed Acceleration Management as a Service

    Affected versions of this package are vulnerable to Improper Ownership Management due to improper enforcement of project ownership in the ARQ API. An attacker can gain unauthorized access to and manipulate resources belonging to other projects by leveraging insufficient policy checks and missing project filtering in database queries.

    How to fix Improper Ownership Management?

    Upgrade openstack-cyborg to version 14.1.0, 15.0.1, 16.0.1 or higher.

    [3.0.0,14.1.0)[15.0.0,15.0.1)[16.0.0,16.0.1)
    • M
    Incorrect Authorization

    openstack-cyborg is a Distributed Acceleration Management as a Service

    Affected versions of this package are vulnerable to Incorrect Authorization in the authorization process. An attacker can gain unauthorized access to sensitive operations by sending requests with a valid authentication token, even without any assigned roles or project membership.

    How to fix Incorrect Authorization?

    Upgrade openstack-cyborg to version 14.1.0, 15.0.1, 16.0.1 or higher.

    [3.0.0,14.1.0)[15.0.0,15.0.1)[16.0.0,16.0.1)