Improper Access Control Affecting github.com/libopenstorage/openstorage/api/server package, versions <3.0.0-beta
Snyk CVSS
- Attack Complexity: Low
- Confidentiality: High
- Snyk ID SNYK-GOLANG-GITHUBCOMLIBOPENSTORAGEOPENSTORAGEAPISERVER-565845
- published 16 Apr 2020
- disclosed 16 Apr 2020
- credit Unknown
How to fix?
Upgrade github.com/libopenstorage/openstorage/api/server to version 3.0.0-beta or higher.
Overview
github.com/libopenstorage/openstorage/api/server is a server package, part of openstorage.
Affected versions of this package are vulnerable to Improper Access Control. A PVC user can maliciously use a secret located in a namespace they cannot access.