Improper Access Control Affecting glance package, versions <2:12.0.0-1
Snyk CVSS
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-GLANCE-313224
- published 13 Apr 2016
- disclosed 13 Apr 2016
Introduced: 13 Apr 2016
CVE-2016-0757 Open this link in a new tabHow to fix?
Upgrade Debian:10
glance
to version 2:12.0.0-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream glance
package and not the glance
package as distributed by Debian:10
.
See How to fix?
for Debian:10
relevant fixed versions and status.
OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.