CVE-2022-3146
Last modified
CVE-2022-3146 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. EPSS estimates a 0.20% chance of exploitation in the next 30 days.
Description
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Tripleo Ansible | All versions |
| Redhat | Openstack | 16.1 |
| Redhat | Openstack | 16.2 |
| Redhat | Openstack For Ibm Power | 16.1 |
| Redhat | Openstack For Ibm Power | 16.2 |
References
- https://access.redhat.com/security/cve/CVE-2022-3146Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2022-3146Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-3146?
How severe is CVE-2022-3146?
How do I fix CVE-2022-3146?
Are you affected by CVE-2022-3146?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST