CVE-2016-4383

EUVD-2016-5383
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
hphelion_openstack_glance
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glance
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glance
trusty
dne
xenial
ignored
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/93106
https://bugs.launchpad.net/glance/+bug/1593799/
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05273584
https://wiki.openstack.org/wiki/OSSN/OSSN-0075
http://www.securityfocus.com/bid/93106
https://bugs.launchpad.net/glance/+bug/1593799/
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05273584
https://wiki.openstack.org/wiki/OSSN/OSSN-0075