// For flags

CVE-2022-3146

tripleo-ansible: /etc/openstack/clouds.yaml discoverable

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-09-06 CVE Reserved
  • 2022-10-18 CVE Published
  • 2023-03-24 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-276: Incorrect Default Permissions
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openstack
Search vendor "Openstack"
Tripleo Ansible
Search vendor "Openstack" for product "Tripleo Ansible"
--
Affected
Redhat
Search vendor "Redhat"
Openstack
Search vendor "Redhat" for product "Openstack"
16.1
Search vendor "Redhat" for product "Openstack" and version "16.1"
-
Affected
Redhat
Search vendor "Redhat"
Openstack
Search vendor "Redhat" for product "Openstack"
16.2
Search vendor "Redhat" for product "Openstack" and version "16.2"
-
Affected
Redhat
Search vendor "Redhat"
Openstack For Ibm Power
Search vendor "Redhat" for product "Openstack For Ibm Power"
16.1
Search vendor "Redhat" for product "Openstack For Ibm Power" and version "16.1"
-
Affected
Redhat
Search vendor "Redhat"
Openstack For Ibm Power
Search vendor "Redhat" for product "Openstack For Ibm Power"
16.2
Search vendor "Redhat" for product "Openstack For Ibm Power" and version "16.2"
-
Affected