CVE-2022-3146

MEDIUM

Openstack Tripleo Ansible - Path Traversal

Title source: rule

Description

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

References (1)

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2022-3146

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-22 CWE-276 CWE-732

Status published

Affected Products (6)

openstack/tripleo_ansible

redhat/openstack

redhat/openstack_for_ibm_power

pypi/tripleo-ansible PyPI

Timeline

Published Mar 23, 2023

Tracked Since Feb 18, 2026