Lucene search

GitHub Advisory DatabaseGHSA-98C8-36P9-GW66

HistoryMay 17, 2022 - 1:57 a.m.

Openstack DBaaS (Trove) Improper Link Resolution Before File Access

2022-05-1701:57:31

CWE-59

GitHub Advisory Database

github.com

openstack

dbaas

trove

improper link resolution

file access

symlink attack

software vulnerability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

5.1%

JSON

The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py,MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.

Affected configurations

Vulners

Node

barclamp-trove_projectbarclamp-troveRange<4.0.0a0

VendorProductVersionCPE
barclamp-trove_projectbarclamp-trove*cpe:2.3:a:barclamp-trove_project:barclamp-trove:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
barclamp-trove_project	barclamp-trove	*	cpe:2.3:a:barclamp-trove_project:barclamp-trove::::::::

References

bugs.launchpad.net/trove/+bug/1398195

bugzilla.redhat.com/show_bug.cgi?id=1216073

github.com/advisories/GHSA-98c8-36p9-gw66

github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230

github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176

github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236

github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790

github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30

github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110

github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36

github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55

github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194

github.com/openstack/trove/commit/61774984aa2bacfe89867fc39a402a6a4cfb8f33

nvd.nist.gov/vuln/detail/CVE-2015-3156

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for GHSA-98C8-36P9-GW66