CVE-2021-3585: Sensitive Information Exposure in Tripleo Heat Templates

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 90.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 26
Latest update: Aug 27

Description

A flaw was found in openstack-tripleo-heat-templates. Plaintext RHSM passwords appear in the logs during OSP13 deployment with subscription-manager.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: openstack/tripleo-heat-templates, fixed in openstack-tripleo-heat-templates-8.4.1

Patches

Vulnerability Details (3)

GHSA: GHSA-4qwm-996c-w925: A flaw was found in openstack-tripleo-heat-templates (2022-08-27)
CVEList: CVE-2021-3585: A flaw was found in openstack-tripleo-heat-templates (2022-08-26)
OSV: CVE-2021-3585: A flaw was found in openstack-tripleo-heat-templates (2022-08-26)

Vendor Advisories (1)

Red Hat: openstack-tripleo-heat-templates: Plain password logged in rhel-registration retry (2021-05-18)