A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.
CPE | Name | Operator | Version |
---|---|---|---|
openstack | eq | 16.1 | |
openstack | eq | 16.2 | |
openstack_for_ibm_power | eq | 16.1 | |
openstack_for_ibm_power | eq | 16.2 |