Information Disclosure

2022-11-1000:13:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

information disclosure

insecure configuration

sensitive file permissions

local attacker

brute force attack

directory exploration

important configuration details

software

0.0005 Low

EPSS

Percentile

16.0%

JSON

tripleo_ansible is vulnerable to Information Disclosure. The vulnerability exists due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted which allows an local attacker to use a brute force attack to explore the relevant directory and discover the file, leading to disclosure of important configuration details.

CPENameOperatorVersion
openstack-tripleo-commoneq11.3.3__0.20200107225621.47626e1.el8ost
openstack-tripleo-commoneq11.4.1__1.20210407183435.el8ost
openstack-tripleo-commoneq11.4.1__1.20200914165651.el8ost
openstack-tripleo-commoneq11.7.1__2.20220318011205.b5ef9a5.el8ost
openstack-tripleo-commoneq11.4.1__1.20200917023445.el8ost
openstack-tripleo-commoneq11.3.3__0.20200611110657.f7715be.el8ost
openstack-tripleo-commoneq11.3.3__0.20200403044649.56c0fd5.el8ost
openstack-tripleo-commoneq11.7.1__2.20211218004850.173edba.el8ost
openstack-tripleo-commoneq10.8.2__0.20190913130445.4754dea.el8ost
openstack-tripleo-commoneq11.4.0__1.el8

Name	Operator	Version
openstack-tripleo-common	eq	11.3.3__0.20200107225621.47626e1.el8ost
openstack-tripleo-common	eq	11.4.1__1.20210407183435.el8ost
openstack-tripleo-common	eq	11.4.1__1.20200914165651.el8ost
openstack-tripleo-common	eq	11.7.1__2.20220318011205.b5ef9a5.el8ost
openstack-tripleo-common	eq	11.4.1__1.20200917023445.el8ost
openstack-tripleo-common	eq	11.3.3__0.20200611110657.f7715be.el8ost
openstack-tripleo-common	eq	11.3.3__0.20200403044649.56c0fd5.el8ost
openstack-tripleo-common	eq	11.7.1__2.20211218004850.173edba.el8ost
openstack-tripleo-common	eq	10.8.2__0.20190913130445.4754dea.el8ost
openstack-tripleo-common	eq	11.4.0__1.el8