VYPR
Medium severity6.4NVD Advisory· Published Sep 21, 2017· Updated Jun 17, 2026

CVE-2017-7549

CVE-2017-7549

Description

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
instack-undercloudPyPI
<= 7.2.0

Affected products

5
  • cpe:2.3:a:openstack:instack-undercloud:5.3.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:openstack:instack-undercloud:5.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:instack-undercloud:6.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:instack-undercloud:7.2.0:*:*:*:*:*:*:*
  • ghsa-coords
    Range: <= 7.2.0
  • Red Hat, Inc./instack-undercloudv5
    Range: Pike, 12: v7.2.0, Ocata, 11: v6.1.0, Newton, 10: v5.3.0

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.