exploitDog

CVE-2017-7549

Published: 21 Sep 2017
Source: nvd
CVSS3: 6.4
CVSS2: 3.3
EPSS: Low

Description

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

Vulnerable configurations

Configuration 1

Simultaneously

cpe:2.3:a:openstack:instack-undercloud:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
Configuration 2

Simultaneously

cpe:2.3:a:openstack:instack-undercloud:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
Configuration 3

Simultaneously

cpe:2.3:a:openstack:instack-undercloud:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*

EPSS

Percentile: 24%
0.00079
Low

6.4 Medium

CVSS3

3.3 Low

CVSS2

Weaknesses

CWE-377
CWE-59

Related vulnerabilities

CVSS3: 6.1
redhat
more than 8 years ago

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

CVSS3: 6.4
github
more than 3 years ago

instack-undercloud vulnerable to symlink attack on tmp files
