PyPi: Packstack

CVE-2013-0261

Safety vulnerability ID: 52947

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 08, 2013 Updated at Dec 10, 2024

Scan your Python projects for vulnerabilities →

Advisory

Packstack 2012.2.3 includes a fix for CVE-2013-0261: (1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
https://opendev.org/x/packstack/commit/624d49a0e8305e6613a9637437f7cdfb8a7852e9

Affected package

packstack

Latest version: 25.0.0

A utility to install OpenStack

Affected versions

Fixed versions

Vulnerability changelog

CVE-2013-0261 OpenStack packstack: insecure use of /tmp in manifest creation See CVE-2013-0261.

MISC:RHBZ#908101: https://bugzilla.redhat.com/show_bug.cgi?id=908101
MISC:RHSA-2013:0595: http://rhn.redhat.com/errata/RHSA-2013-0595.html
MISC:RHSA-2013:0595: https://access.redhat.com/errata/RHSA-2013:0595
MISC:https://access.redhat.com/security/cve/CVE-2013-0261: https://access.redhat.com/security/cve/CVE-2013-0261

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 4.4

CVSS v2 Details

MEDIUM 4.4

Access Vector (AV): LOCAL
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL