PT-2016-3727 · Hewlett Packard · HPE Helion Eucalyptus
Published: 2016-01-05 · Updated: 2016-11-28 · CVE-2015-6861
CVSS v2.0: 4.6 (Medium)
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
HPE Helion Eucalyptus versions 3.4.0 through 4.2.0
Description
The issue allows remote authenticated users to bypass an intended permission requirement, specifically the AssumeRole permission, and assume an IAM role. This is achieved by leveraging a policy setting for a user's account.
Recommendations
For versions 3.4.0 through 4.2.0, consider restricting the policy settings for user accounts to prevent unauthorized assumption of IAM roles until a patch is available. As a temporary workaround, review and limit the use of AssumeRole permissions to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
HPE Helion Eucalyptus