CVE-2021-31918
tripleo-ansible: ansible.log file is visible to unprivileged users
Public Exploits: 0
Exploited in Wild: -
Descriptions
A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.
A flaw was found in the tripleo-ansible version as shipped in Red Hat Openstack version 16.1. The Ansible log file is readable by all users during stack update and creation. The greatest threat from this vulnerability is to data confidentiality.
A flaw was found in tripleo-ansible. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.
An update for tripleo-ansible is now available for Red Hat OpenStack Platform 16.1 (Train). It addresses an issue where the ansible.log file is visible to unprivileged users.
SSVC
- Decision:-
Timeline
- 2021-04-29 CVE Reserved
- 2021-05-06 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-732: Incorrect Permission Assignment for Critical Resource
References (2)
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1954250 | 2021-05-26 | |
https://access.redhat.com/security/cve/CVE-2021-31918 | 2021-05-26 | |