CVE-2017-7501

ADVISORY - nist

Summary

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

EPSS Score⁠: 0.00054 (0.171)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

ADVISORY - redhat

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.