RSS   Vulnerabilities for 'Instack-undercloud'   RSS

2017-09-21
 
CVE-2017-7549

CWE-59
 

 
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

 

 >>> Vendor: Openstack 55 Products
Manila
HEAT
Compute
Essex
NOVA
Horizon
Diablo
Folsom
Keystone
Swift
Glance
Grizzly
Cinder folsom
Compute (nova) essex
Compute (nova) folsom
Keystone essex
Devstack
Havana
Openstack
Python glanceclient
Python-keystoneclient
Image registry and delivery service (glance)
Ceilometer
OSLO
Icehouse
Neutron
JUNO
Pycadf
Telemetry (ceilometer)
Keystonemiddleware
Cinder
Trove
Compute (nova)
KILO
Ironic inspector
Swift3
Tripleo heat templates
Mitaka-murano
Murano
Murano-dashboard
Python-muranoclient
Puppet-gerrit
Nova-lxd
Ironic
Cloud magnum orchestration
Designate
Instack-undercloud
Swauth
Puppet-tripleo
Oslo.middleware
Tripleo-common
Magnum
Ironic-inspector
Os-vif
Puppet-swift


Copyright 2024, cxsecurity.com

 

Back to Top