CVE-2022-3596

CVE Database · CVE-2022-3596

CVE-2022-3596

· HIGHModified

CVSS v3.1

7.5

EPSS

1.11%

Published

Sep 20, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-402

Affected Products (2)

redhat · openstack_platformvulnerable

References (6)

https://access.redhat.com/errata/RHSA-2022:8897

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2022-3596

MitigationVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2136596