Lucene search

RedhatCVELIST:CVE-2022-3261

HistorySep 15, 2023 - 8:20 p.m.

CVE-2022-3261 Plain-text passwords saved in /var/log/messages

2023-09-1520:20:18

CWE-256

redhat

www.cve.org

openstack

plain-text passwords

sensitive information

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.2%

JSON

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

CNA Affected

[
  {
    "product": "openstack",
    "vendor": "n/a",
    "defaultStatus": "affected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openstack",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ]
  }
]

References

access.redhat.com/security/cve/CVE-2022-3261

bugzilla.redhat.com/show_bug.cgi?id=2128834

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.2%

JSON

Related for CVELIST:CVE-2022-3261