Vulnerability in Eucalyptus

CVE-2016-8520

HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data.

EPSS: 0.014 (68.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2016-8520?
CVE-2016-8520 is a high-severity vulnerability in Eucalyptus, classified under Permission Issues. CVSS score: 8.8/10. Published 2018-02-15.
How severe is CVE-2016-8520?
High severity. CVSS v3 base score is 8.8 out of 10.