5.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2015-3156

GHSA ID

GHSA-98c8-36p9-gw66

EPSS Score

0.22229%

CWE

CWE-59

Published

5/17/2022

Updated

5/14/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2015-3156

CVE-2015-3156: Openstack DBaaS (Trove) Improper Link Resolution Before File Access

The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py,MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.

(GitHub Advisory)

5.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2015-3156

GHSA ID

GHSA-98c8-36p9-gw66

EPSS Score

0.22229%

CWE

CWE-59

Published

5/17/2022

Updated

5/14/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
trove	pip	< 4.0.0a0	4.0.0a0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from multiple functions across Trove's datastore implementations using predictable temporary file paths without proper atomicity checks (O_EXCL). This allows local attackers to create symlinks at expected temporary file locations, leading to configuration/file overwrites. The commit 6177498 explicitly fixes this pattern in Cassandra's write_config by introducing secure mkstemp usage, confirming the vulnerability pattern. The CVE description and GHSA advisory explicitly list all these functions as vulnerable entry points with the same flaw pattern. High confidence comes from: 1) Explicit listing in vulnerability reports, 2) Commit showing insecure pattern remediation in one component, 3) Consistent CWE-59 pattern across all listed functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** `_writ*_*on*i*` *un*tion in `trov*/*u*st***nt/**t*stor*/*xp*rim*nt*l/mon*o**/s*rvi**.py`, `r*s*t_*on*i*ur*tion` *un*tion in `trov*/*u*st***nt/**t*stor*/*xp*rim*nt*l/post*r*sql/s*rvi**/*on*i*.py`, `writ*_*on*i*` *un*tion in `trov*/*u*st***nt/**t*s

Reasoning

T** vuln*r**ility st*ms *rom multipl* *un*tions **ross Trov*'s **t*stor* impl*m*nt*tions usin* pr**i*t**l* t*mpor*ry *il* p*t*s wit*out prop*r *tomi*ity ****ks (O_*X*L). T*is *llows lo**l *tt**k*rs to *r**t* symlinks *t *xp**t** t*mpor*ry *il* lo**ti

5.5

Basic Information

Concerned about an active attack path?

CVE-2015-3156: Openstack DBaaS (Trove) Improper Link Resolution Before File Access

5.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI