CVE-2022-3146
published 2023-03-23CVE-2022-3146: A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack_for_ibm_power | — | — |
| redhat | openstack_for_ibm_power | — | — |