CVE-2015-3156
MEDIUM5.5EPSS 0.12%Openstack DBaaS (Trove) Improper Link Resolution Before File Access
Description
The `_write_config` function in `trove/guestagent/datastore/experimental/mongodb/service.py`, `reset_configuration` function in `trove/guestagent/datastore/experimental/postgresql/service/config.py`, `write_config` function in `trove/guestagent/datastore/experimental/redis/service.py`, `_write_mycnf` function in `trove/guestagent/datastore/mysql/service.py`, `InnoBackupEx::_run_prepare` function in `trove/guestagent/strategies/restore/mysql_impl.py`, `InnoBackupEx::cmd` function in `trove/guestagent/strategies/backup/mysql_impl.py`,`MySQLDump::cmd` in `trove/guestagent/strategies/backup/mysql_impl.py`, `InnoBackupExIncremental::cmd` function in `trove/guestagent/strategies/backup/mysql_impl.py`, `_get_actual_db_status` function in `trove/guestagent/datastore/experimental/cassandra/system.py` and `trove/guestagent/datastore/experimental/cassandra/service.py`, and multiple class CbBackup methods in `trove/guestagent/strategies/backup/experimental/couchbase_impl.py` in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.
Affected packages (2)
- Debian/openstack-trovefrom 0
- PyPI/trovefrom 0, < 4.0.0a0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
References (15)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-3156
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3156
- PATCHhttps://github.com/openstack/trove
- WEBhttps://bugs.launchpad.net/trove/+bug/1398195
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1216073
- WEBhttps://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230
- WEBhttps://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176
- WEBhttps://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236
- WEBhttps://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790
- WEBhttps://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30
- WEBhttps://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110
- WEBhttps://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36
- WEBhttps://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55
- WEBhttps://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194
- WEBhttps://github.com/openstack/trove/commit/61774984aa2bacfe89867fc39a402a6a4cfb8f33