Local File Write Vulnerability in OpenStack Trove
CVE-2015-3156

5.5MEDIUM

Key Information:

Vendor

Openstack
Status
Trove
Vendor
CVE Published:
11 August 2017

What is CVE-2015-3156?

The vulnerability allows local users to exploit a symlink attack on temporary files in OpenStack Trove, leading to unauthorized writing to configuration files across various datastore services, including MySQL, PostgreSQL, MongoDB, and Cassandra. Exploiting this flaw can result in configuration changes that affect the integrity and security of the affected databases, potentially compromising the entire system.

References

https://github.com/openstack/trove/blob/master/trove/gues...
x_refsource_MISC
https://github.com/openstack/trove/blob/master/trove/gues...
x_refsource_MISC
https://github.com/openstack/trove/blob/master/trove/gues...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.