Description
An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.
Statement
Red Hat OpenStack Platform releases other than 13 are not affected by this vulnerability. This is because they use a different architecture, which does not rely on rsync running on the undercloud.
Mitigation
The rsync daemon is no longer needed and can be manually disabled by running the following commands on the undercloud:

    sudo rm /etc/xinetd.d/rsync /etc/rsyncd.conf
    sudo systemctl restart xinetd

However, this will be reverted if the undercloud gets updated.
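Because an undercloud update reverts the mitigation, a check that can be re-run after each update is useful. The following is an added example, not part of the original advisory; the function name `rsync_mitigation_state` and its optional root-directory argument are assumptions made so the check can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: report whether the rsync mitigation is still in place.
# Usage on the undercloud: rsync_mitigation_state   (no argument = real /)
# The optional argument is a hypothetical alternate root used for testing.

rsync_mitigation_state() {
    root="${1:-}"
    svc="$root/etc/xinetd.d/rsync"   # xinetd service file removed by the mitigation
    conf="$root/etc/rsyncd.conf"     # rsync daemon config removed by the mitigation
    findings=""

    if [ -e "$svc" ]; then
        # xinetd does not start a service whose file sets "disable = yes"
        if grep -Eqi '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$svc"; then
            findings="$findings xinetd-service-present-but-disabled"
        else
            findings="$findings xinetd-service-enabled"
        fi
    fi

    if [ -e "$conf" ]; then
        findings="$findings rsyncd-conf-present"
    fi

    if [ -z "$findings" ]; then
        echo "mitigated"
        return 0
    fi

    # Any file that has come back means an update restored it and the
    # mitigation commands need to be applied again.
    echo "reverted:$findings"
    return 1
}
```

The non-zero return status on a reverted state lets the function be called from a post-update hook or monitoring job.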
Additional information
Status:
EPSS
7.5 High
CVSS3
Related vulnerabilities
A vulnerability in the rsync daemon of the OpenStack Platform cloud-building platform that allows an attacker to gain unauthorized access to protected information