ID |
CVE-2017-7549
|
Summary |
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:openstack:instack-undercloud:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:instack-undercloud:7.2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
-
cpe:2.3:a:openstack:instack-undercloud:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:instack-undercloud:6.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
-
cpe:2.3:a:openstack:instack-undercloud:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:instack-undercloud:5.3.0:*:*:*:*:*:*:*
-
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
|
CVSS |
Base: | 3.3 (as of 12-02-2023 - 23:31) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-377 |
CAPEC |
-
Screen Temporary Files for Sensitive Information
An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.
|
Access |
Vector | Complexity | Authentication |
LOCAL |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
NONE |
|
cvss-vector
via4
|
AV:L/AC:M/Au:N/C:P/I:P/A:N
|
redhat
via4
|
advisories | | rpms | - instack-undercloud-0:4.0.0-17.el7ost
- instack-undercloud-0:5.3.0-3.el7ost
- instack-undercloud-0:2.2.7-10.el7ost
- instack-undercloud-0:2.1.2-41.el7ost
- instack-undercloud-0:6.1.0-3.el7ost
|
|
refmap
via4
|
|
Last major update |
12-02-2023 - 23:31 |
Published |
21-09-2017 - 21:29 |
Last modified |
12-02-2023 - 23:31 |