Improper Access Control Affecting glance package, versions <2:12.0.0-1



  • Attack Complexity: Low
  • Threat Intelligence: EPSS 0.11% (45th percentile)
  • Severity: 4.3 medium
  • Red Hat severity: 3.5 low

  • Snyk ID SNYK-DEBIAN11-GLANCE-529705
  • published 13 Apr 2016
  • disclosed 13 Apr 2016

How to fix?

Upgrade Debian:11 glance to version 2:12.0.0-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream glance package and not the glance package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allows remote authenticated users to change image status and upload new image data by removing the last location of an image.
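
A triage check for the condition described above, as an added example (not code from Snyk, Debian or the Glance project): it compares an installed Debian package version against the fixed version 2:12.0.0-1 using dpkg's ordering rules (epoch, tilde, revision) and reads show_multiple_locations from a Glance configuration. The function names, the sample configuration and installed version, the [DEFAULT] placement of the option and the accepted boolean spellings are assumptions.

```python
import configparser
import re

FIXED = "2:12.0.0-1"  # fixed Debian 11 version stated in the advisory
TRUE_STRINGS = {"1", "t", "true", "on", "y", "yes"}  # assumed boolean spellings
SAMPLE_CONF = "[DEFAULT]\nshow_multiple_locations = True\n"  # constructed sample

def _order(c):
    # dpkg character order: '~' sorts lowest, letters before other symbols
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _runs(part):
    # Alternating non-digit/digit runs; the trailing 0 marks end of a non-digit
    # run so that '~' (-1) sorts before it and every other character after it.
    pairs = re.findall(r"(\D*)(\d*)", part, re.ASCII)
    return [([_order(c) for c in nd] + [0], int(d or 0)) for nd, d in pairs]

def deb_key(version):
    """Sort key following dpkg's epoch:upstream-revision comparison rules."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"  # a missing revision compares equal to 0
    return (int(epoch), _runs(upstream), _runs(revision))

def deb_cmp(a, b):
    ka, kb = deb_key(a), deb_key(b)
    return (ka > kb) - (ka < kb)

def multiple_locations_enabled(conf_text):
    # Assumes the option lives in [DEFAULT] and is off when absent.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    value = cp["DEFAULT"].get("show_multiple_locations", "false")
    return value.strip().lower() in TRUE_STRINGS

def exposed(installed, conf_text):
    """True when the package predates the fix and the risky option is on."""
    return deb_cmp(installed, FIXED) < 0 and multiple_locations_enabled(conf_text)

if __name__ == "__main__":
    print(exposed("2:11.0.0-1", SAMPLE_CONF))  # constructed installed version
```

A plain string comparison would get the epoch and pre-release (`~`) cases wrong, which is why the version check follows dpkg's ordering instead.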