CVE-2022-3146 – tripleo-ansible: /etc/openstack/clouds.yaml discoverable
https://notcve.org/view.php?id=CVE-2022-3146
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. • https://access.redhat.com/security/cve/CVE-2022-3146 https://bugzilla.redhat.com/show_bug.cgi?id=2124721 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-3101 – tripleo-ansible: /var/lib/mistral/overcloud discoverable
https://notcve.org/view.php?id=CVE-2022-3101
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. • https://access.redhat.com/security/cve/CVE-2022-3101 https://bugzilla.redhat.com/show_bug.cgi?id=2123870 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •