CVE-2022-3596Resource Leak in Redhat Openstack Platform

CWE-402Resource Leak4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 47.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Openstack Platform
Timeline
PublishedSep 20

Description

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Instack-undercloud: rsync leaks information to undercloud2023-09-20
GHSA
GHSA-788f-3f4f-vv6f: An information leak was found in OpenStack's undercloud2023-09-20

📋Vendor Advisories

1
Red Hat
instack-undercloud: rsync leaks information to undercloud2022-12-05