CVE-2017-7549: Improper Link Resolution Before File Access

September 21, 2017 (updated January 5, 2018)

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

References

www.securityfocus.com/bid/100407
bugzilla.redhat.com/show_bug.cgi?id=1477403
nvd.nist.gov/vuln/detail/CVE-2017-7549

Code Behaviors & Features

Detect and mitigate CVE-2017-7549 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →