CVE-2022-3101

MEDIUM

Openstack Tripleo Ansible - Path Traversal

Title source: rule

Description

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.

References (1)

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2022-3101

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-22 CWE-276 CWE-732

Status published

Affected Products (6)

openstack/tripleo_ansible

redhat/openstack

redhat/openstack_for_ibm_power

pypi/tripleo-ansible PyPI

Timeline

Published Mar 23, 2023

Tracked Since Feb 18, 2026