CVE-2022-3146

CVE Database · CVE-2022-3146

CVE-2022-3146

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.20%

Published

Mar 23, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-22CWE-22CWE-276CWE-732

Affected Products (5)

openstack · tripleo_ansiblevulnerable

redhat · openstackvulnerable

redhat · openstack_for_ibm_powervulnerable

References (2)

https://access.redhat.com/security/cve/CVE-2022-3146

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2022-3146

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs