Symbolic Link Attack

2017-09-0702:45:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

instack-undercloud is vulnerable to symbolic link attacks. The library uses a hardcoded temporary files during pre-installation, allowing a malicious user to conduct a symbolic link attack and overwrite arbitrary files.

CPENameOperatorVersion
instack-undercloudle7.4.14
instack-undercloudle6.1.0
instack-undercloudle7.4.14
instack-undercloudle6.1.0

Name	Operator	Version
instack-undercloud	le	7.4.14
instack-undercloud	le	6.1.0
instack-undercloud	le	7.4.14
instack-undercloud	le	6.1.0

References

www.securityfocus.com/bid/100407

access.redhat.com/errata/RHSA-2017:2557

access.redhat.com/errata/RHSA-2017:2649

access.redhat.com/errata/RHSA-2017:2687

access.redhat.com/errata/RHSA-2017:2693

access.redhat.com/errata/RHSA-2017:2726

access.redhat.com/security/cve/CVE-2017-7549

bugzilla.redhat.com/show_bug.cgi?id=1477403

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for VERACODE:5021