GitHub Advisory Database: GHSA-W4X6-6W3R-9H2M
Mar 23, 2023 - 9:30 p.m.

tripleo-ansible may disclose important configuration details from an OpenStack deployment

2023-03-23 21:30:19
CWE-22
CWE-276
CWE-732
tripleo-ansible
openstack
information disclosure
insecure configuration
sensitive file

CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.0005 Low
Percentile: 15.9%

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

Affected configurations

Vulners
Node: tripleoansible, Range: 6.0.0

CPE Name         Operator  Version
tripleo-ansible  le        6.0.0
