CVE-2022-3146
tripleo-ansible: /etc/openstack/clouds.yaml discoverable
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.
An update for tripleo-ansible is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-09-06 CVE Reserved
- 2022-10-18 CVE Published
- 2025-02-25 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-276: Incorrect Default Permissions
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-3146 | 2022-10-17 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2124721 | 2022-10-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Tripleo Ansible Search vendor "Openstack" for product "Tripleo Ansible" | - | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 16.1 Search vendor "Redhat" for product "Openstack" and version "16.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 16.2 Search vendor "Redhat" for product "Openstack" and version "16.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack For Ibm Power Search vendor "Redhat" for product "Openstack For Ibm Power" | 16.1 Search vendor "Redhat" for product "Openstack For Ibm Power" and version "16.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack For Ibm Power Search vendor "Redhat" for product "Openstack For Ibm Power" | 16.2 Search vendor "Redhat" for product "Openstack For Ibm Power" and version "16.2" | - |
Affected
| ||||||