Security bypass - CVE-2016-7031

 


Published: September 30, 2016 / Updated: September 30, 2016


Vulnerability identifier: #VU688
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-7031
CWE-ID: CWE-284
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows an authenticated adjacent user to bypass security limitations on the target system.
The weakness is caused by insufficient security restrictions that allow a malicious user to bypass the Access Control List (ACL) and obtain the contents of the RGW bucket.
Successful exploitation of the vulnerability may result in access to the vulnerable system.

How to mitigate CVE-2016-7031


Sources