HP Security Bulletin HPSBGN03645 2 - Potential vulnerabilities have been identified in HPE Helion OpenStack Glance. The vulnerabilities can be remotely exploited to allow access restriction bypass and unauthorized access. A malicious tenant is able to reuse deleted Glance image IDs to share malicious images with other tenants in a manner that is undetectable to the victim tenant if the Helion OpenStack administrators have both: 1. Edited the policy.json file to allow non-admin tenants to share images with other tenants or edited policy.json to allow non-admin tenants to create public images. 2. Deleted image IDs from the Glance database, either manually or using the purge tool ("glance-manage db purge"). Revision 2 of this advisory.
93d9fa4e73c175cadb2970de87cb2c96d44f75b9068aac11b3f186bfbd90da53
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed