CVE-2016-8520

Опубликовано: 15 фев. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data.

Ссылки

http://www.securityfocus.com/bid/95369
Third Party Advisory
VDB Entry
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05363782
Vendor Advisory
http://www.securityfocus.com/bid/95369
Third Party Advisory
VDB Entry
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05363782
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eucalyptus:eucalyptus:*:*:*:*:*:*:*:*

Версия до 4.3.0 (включая)

EPSS

Процентиль: 64%

0.00481

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-275

Связанные уязвимости

CVE-2016-8520

CVSS3: 8.8

debian

больше 7 лет назад

HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM ...

GHSA-29jc-9wc9-6c78

CVSS3: 8.8

github

больше 3 лет назад

EPSS

Процентиль: 64%

0.00481

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-275