Improper Access Control Affecting glance package, versions *


low

Snyk CVSS

    Attack Complexity Low
    Privileges Required High
    User Interaction Required
    Scope Changed
    Confidentiality High
    Integrity High
    Availability High
Expand this section
NVD
8.4 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIAN12-GLANCE-1546905
  • published 27 Jun 2017
  • disclosed 27 Jun 2017

How to fix?

There is no fixed version for Debian:12 glance.

NVD Description

Note: Versions mentioned in the description apply only to the upstream glance package and not the glance package as distributed by Debian:12. See How to fix? for Debian:12 relevant fixed versions and status.

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.