GHSA-w4x6-6w3r-9h2m

Source

https://github.com/advisories/GHSA-w4x6-6w3r-9h2m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-w4x6-6w3r-9h2m/GHSA-w4x6-6w3r-9h2m.json

Aliases

CVE-2022-3146

Published

2023-03-23T21:30:19Z

Modified

2023-11-08T04:09:30.723975Z

Details

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-3146
https://access.redhat.com/security/cve/CVE-2022-3146
https://github.com/openstack/tripleo-ansible

Affected packages

PyPI / tripleo-ansible

Package

Name: tripleo-ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Last affected

6.0.0

Affected versions

6.*

6.0.0