Описание
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 13 (Queens) | tripleo-ansible | Not affected | ||
| Red Hat OpenStack Platform 16.1 | openstack-tripleo-common | Fixed | RHSA-2022:6969 | 17.10.2022 |
| Red Hat OpenStack Platform 16.1 | tripleo-ansible | Fixed | RHSA-2022:6969 | 17.10.2022 |
| Red Hat OpenStack Platform 16.2 | openstack-tripleo-common | Fixed | RHSA-2022:6969 | 17.10.2022 |
| Red Hat OpenStack Platform 16.2 | tripleo-ansible | Fixed | RHSA-2022:6969 | 17.10.2022 |
Показывать по
Дополнительная информация
Статус:
7.3 High
CVSS3
Связанные уязвимости
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.
tripleo-ansible may disclose important configuration details from an OpenStack deployment
7.3 High
CVSS3