The _write_config
function in trove/guestagent/datastore/experimental/mongodb/service.py
, reset_configuration
function in trove/guestagent/datastore/experimental/postgresql/service/config.py
, write_config
function in trove/guestagent/datastore/experimental/redis/service.py
, _write_mycnf
function in trove/guestagent/datastore/mysql/service.py
, InnoBackupEx::_run_prepare
function in trove/guestagent/strategies/restore/mysql_impl.py
, InnoBackupEx::cmd
function in trove/guestagent/strategies/backup/mysql_impl.py
,MySQLDump::cmd
in trove/guestagent/strategies/backup/mysql_impl.py
, InnoBackupExIncremental::cmd
function in trove/guestagent/strategies/backup/mysql_impl.py
, _get_actual_db_status
function in trove/guestagent/datastore/experimental/cassandra/system.py
and trove/guestagent/datastore/experimental/cassandra/service.py
, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py
in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.
{ "severity": "MODERATE", "github_reviewed_at": "2024-05-14T21:19:05Z", "nvd_published_at": "2017-08-11T21:29:00Z", "cwe_ids": [ "CWE-59" ], "github_reviewed": true }