Medium severity 6.4 · NVD Advisory · Published Sep 21, 2017 · Updated May 13, 2026
CVE-2017-7549
Description
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, and 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| instack-undercloud (PyPI) | <= 7.2.0 | — |
Affected products
- cpe:2.3:a:openstack:instack-undercloud:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:instack-undercloud:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:instack-undercloud:7.2.0:*:*:*:*:*:*:*
- Red Hat, Inc./instack-undercloud v5 Range: Pike, 12: v7.2.0; Ocata, 11: v6.1.0; Newton, 10: v5.3.0
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/100407 (nvd; Third Party Advisory, VDB Entry)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Vendor Advisory, WEB)
- github.com/advisories/GHSA-53wm-97p6-582f (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-7549 (ghsa; ADVISORY)
- access.redhat.com/errata/RHSA-2017:2557 (nvd; WEB)
- access.redhat.com/errata/RHSA-2017:2649 (nvd; WEB)
- access.redhat.com/errata/RHSA-2017:2687 (nvd; WEB)
- access.redhat.com/errata/RHSA-2017:2693 (nvd; WEB)
- access.redhat.com/errata/RHSA-2017:2726 (nvd; WEB)
- access.redhat.com/security/cve/CVE-2017-7549 (ghsa; WEB)
- opendev.org/openstack/instack-undercloud (ghsa; WEB)
- web.archive.org/web/20170907040549/http://www.securityfocus.com/bid/100407 (ghsa; WEB)