CVE-2022-3146

Опубликовано: 23 мар. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

Ссылки

https://access.redhat.com/security/cve/CVE-2022-3146
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2022-3146
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openstack:tripleo_ansible:-:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:16.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:16.2:-:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack_for_ibm_power:16.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack_for_ibm_power:16.2:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00015

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2022-3146

CVSS3: 7.3

redhat

больше 3 лет назад

GHSA-w4x6-6w3r-9h2m