Lucene search

[email protected]CVE-2022-3101

HistoryMar 23, 2023 - 9:15 p.m.

CVE-2022-3101

2023-03-2321:15:18

CWE-22

CWE-276

CWE-732

[email protected]

web.nvd.nist.gov

cve-2022-3101

tripleo-ansible

information disclosure

openstack

insecure default configuration

permissions issue

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.

Affected configurations

NVD

Node

openstacktripleo_ansibleMatch-

redhatopenstackMatch16.1

redhatopenstackMatch16.2-

redhatopenstack_for_ibm_powerMatch16.1

redhatopenstack_for_ibm_powerMatch16.2

CPENameOperatorVersion
openstack:tripleo_ansibleopenstack tripleo ansibleeq-
redhat:openstackredhat openstackeq16.1
redhat:openstackredhat openstackeq16.2
redhat:openstack_for_ibm_powerredhat openstack for ibm powereq16.1
redhat:openstack_for_ibm_powerredhat openstack for ibm powereq16.2

CPE	Name	Operator	Version
openstack:tripleo_ansible	openstack tripleo ansible	eq	-
redhat:openstack	redhat openstack	eq	16.1
redhat:openstack	redhat openstack	eq	16.2
redhat:openstack_for_ibm_power	redhat openstack for ibm power	eq	16.1
redhat:openstack_for_ibm_power	redhat openstack for ibm power	eq	16.2

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "tripleo-ansible",
    "versions": [
      {
        "version": "unknown",
        "status": "affected"
      }
    ]
  }
]