Vulnerability in Eucalyptus
CVE-2016-8520
HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check an IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data.
EPSS: 0.014 (68.7th percentile)
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Eucalyptus
- Hewlett Packard Enterprise Helion Eucalyptus — versions v4.3.0 and earlier
Weakness classification (CWE)
References
- security-alert@hpe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- security-alert@hpe.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2016-8520?
  CVE-2016-8520 is a high-severity vulnerability in Eucalyptus, classified under Permission Issues. CVSS score: 8.8/10. Published 2018-02-15.
- How severe is CVE-2016-8520?
  High severity. The CVSS v3 base score is 8.8 out of 10.