CVE-2022-3146

EUVD-2023-1127
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
openstacktripleo_ansible
-
redhatopenstack
16.1
redhatopenstack
16.2
redhatopenstack_for_ibm_power
16.1
redhatopenstack_for_ibm_power
16.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2022-3146
https://access.redhat.com/security/cve/CVE-2022-3146