CVE-2016-0757

openstack-glance: Glance image status manipulation through locations

Severity Score

4.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.

OpenStack Image Service (Glance) en versiones anteriores a 2015.1.3 (kilo) y 11.0.x en versiones anteriores a 11.0.2 (liberty), cuando show_multiple_locations está habilitado, permiten a usuarios remotos autenticados cambiar el estado de imagen y cargar nuevos datos de imagen eliminando la última localización de una imagen.

An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true (not default) were affected.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-12-16 CVE Reserved
2016-02-29 CVE Published
2023-03-07 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-284: Improper Access Control
CWE-285: Improper Authorization

CAPEC

References (5)

URL	Tag	Source
http://www.securityfocus.com/bid/82696	Vdb Entry

URL	Date	SRC

URL	Date	SRC
https://security.openstack.org/ossa/OSSA-2016-006.html	2023-02-12

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2016-0309.html	2023-02-12
https://access.redhat.com/security/cve/CVE-2016-0757	2016-03-07
https://bugzilla.redhat.com/show_bug.cgi?id=1302607	2016-03-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)"				11.0.0 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "11.0.0"		-		Affected
Openstack Search vendor "Openstack"		Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)"				11.0.1 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "11.0.1"		-		Affected
Openstack Search vendor "Openstack"		Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)"				2015.1.2 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "2015.1.2"		-		Affected