Local File Write Vulnerability in OpenStack Trove
CVE-2015-3156
5.5MEDIUM
Summary
The vulnerability allows local users to exploit a symlink attack on temporary files in OpenStack Trove, leading to unauthorized writing to configuration files across various datastore services, including MySQL, PostgreSQL, MongoDB, and Cassandra. Exploiting this flaw can result in configuration changes that affect the integrity and security of the affected databases, potentially compromising the entire system.
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved