Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3146

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

Published

2023-03-23T21:15:19.007

Last Modified

2024-11-21T07:18:55.360

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22
Type: Primary
CWE-22
CWE-276
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openstack	tripleo_ansible	-	Yes
Application	redhat	openstack	16.1	Yes
Application	redhat	openstack	16.2	Yes
Application	redhat	openstack_for_ibm_power	16.1	Yes
Application	redhat	openstack_for_ibm_power	16.2	Yes

References

https://access.redhat.com/security/cve/CVE-2022-3146 Vendor Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2022-3146 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)