CVE-2015-3156 — Link Following in Trove

CWE-59 — Link Following CWE-377 — Insecure Temporary File9 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 68.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Trove

Timeline

PublishedAug 11

Latest updateMay 17

Description

The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶PyPIopenstack/trove< 4.0.0a0

▶NVDopenstack/trove2014.2.4

🔴Vulnerability Details

OSV

Openstack DBaaS (Trove) Improper Link Resolution Before File Access↗2022-05-17

▶

GHSA

Openstack DBaaS (Trove) Improper Link Resolution Before File Access↗2022-05-17

▶

CVEList

CVE-2015-3156: The _write_config function in trove/guestagent/datastore/experimental/mongodb/service↗2017-08-11

▶

OSV

CVE-2015-3156: The _write_config function in trove/guestagent/datastore/experimental/mongodb/service↗2017-08-11

▶

📋Vendor Advisories

Debian

CVE-2015-3156: openstack-trove - The _write_config function in trove/guestagent/datastore/experimental/mongodb/se...↗2015

▶

Red Hat

openstack-trove: multiple insecure /tmp file usage issues↗2014-12-22

▶

💬Community

Bugzilla

CVE-2015-3156 openstack-trove: multiple insecure /tmp file usage issues [fedora-all]↗2015-07-28

▶

Bugzilla

CVE-2015-3156 openstack-trove: multiple insecure /tmp file usage issues↗2015-04-28

▶