logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2022-3146 tripleo-ansible

Package

Manager: pip
Name: tripleo-ansible
Vulnerable Version: >=0 <=6.0.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00012 pctl0.01217

Details

tripleo-ansible may disclose important configuration details from an OpenStack deployment A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

Metadata

Created: 2023-03-23T21:30:19Z
Modified: 2023-03-30T22:16:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-w4x6-6w3r-9h2m/GHSA-w4x6-6w3r-9h2m.json
CWE IDs: ["CWE-22", "CWE-276", "CWE-732"]
Alternative ID: GHSA-w4x6-6w3r-9h2m
Finding: F056
Auto approve: 1