CVE-2022-3596
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.7%
An information leak was found in OpenStack’s undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| redhat:openstack_platform | redhat openstack platform | eq | 13.0 |
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 13.0 - ELS",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "instack-undercloud",
"defaultStatus": "affected",
"versions": [
{
"version": "0:8.4.9-13.el7ost",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openstack:13::el7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "instack-undercloud",
"defaultStatus": "affected",
"versions": [
{
"version": "0:8.4.9-13.el7ost",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openstack:13::el7"
]
}
]Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.7%