Lucene search

GoogleOSV:GHSA-W4X6-6W3R-9H2M

HistoryMar 23, 2023 - 9:30 p.m.

tripleo-ansible may disclose important configuration details from an OpenStack deployment

2023-03-2321:30:19

Google

osv.dev

tripleo-ansible

insecure configuration

local attacker

information disclosure

openstack deployment

software

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

16.0%

JSON

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

CPENameOperatorVersion
tripleo-ansibleeq6.0.0

CPE	Name	Operator	Version
	tripleo-ansible	eq	6.0.0

References

access.redhat.com/security/cve/CVE-2022-3146

github.com/openstack/tripleo-ansible

nvd.nist.gov/vuln/detail/CVE-2022-3146

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

16.0%

JSON

Related for OSV:GHSA-W4X6-6W3R-9H2M