CVE-2016-4383

Published on: 06/27/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:59 PM UTC

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Certain versions of Helion Openstack Glance from Hp contain the following vulnerability:

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

  • CVE-2016-4383 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.4 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW HIGH REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
CHANGED HIGH HIGH HIGH

CVSS2 Score: 8.5 - HIGH

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
Document Display | HPE Support Center Mitigation
Vendor Advisory
h20566.www2.hpe.com
text/html
URL Logo CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05273584
OSSN/OSSN-0075 - OpenStack Technical Description
Third Party Advisory
wiki.openstack.org
text/html
URL Logo CONFIRM wiki.openstack.org/wiki/OSSN/OSSN-0075
OpenStack Glance CVE-2016-4383 Remote Security Bypass Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 93106
Bug #1593799 “glance-manage db purge breaks image immutability p...” : Bugs : Glance Issue Tracking
Third Party Advisory
VDB Entry
bugs.launchpad.net
text/html
URL Logo CONFIRM bugs.launchpad.net/glance/+bug/1593799/

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationHpHelion Openstack Glance-AllAllAll
ApplicationHpHelion Openstack Glance-AllAllAll
  • cpe:2.3:a:hp:helion_openstack_glance:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:hp:helion_openstack_glance:-:*:*:*:*:*:*:*: