Severity
7.5 HIGH
EPSS
0.2%
top 56.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 6
Latest update: May 24

Description

A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5 | tripleo-ansible | As shipped in Red Hat Openstack 16.1

🔴Vulnerability Details

2
GHSA
GHSA-r7f5-2xmq-3252: A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16 | 2022-05-24
CVEList
CVE-2021-31918: A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16 | 2021-05-06

📋Vendor Advisories

1
Red Hat
tripleo-ansible: ansible.log file is visible to unprivileged users | 2021-04-29
CVE-2021-31918 (HIGH CVSS 7.5) | A flaw was found in tripleo-ansible | cvebase.io