Bug 2136596 (CVE-2022-3596)
Summary: | CVE-2022-3596 instack-undercloud: rsync leaks information to undercloud | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Nick Tait <ntait> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | cschwede, eglynn, jjoyce, jslagle, lhh, mburns, mgarciac, security-response-team, spower |
Target Milestone: | --- | Keywords: | Security |
Hardware: | All | ||
OS: | Linux | ||
Doc Text: | An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials. |
Last Closed: | 2022-12-10 10:33:00 UTC | Type: | --- |
Bug Depends On: | 2131972 | ||
Bug Blocks: | 2132112 |
Description
Nick Tait
2022-10-20 18:25:44 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 - ELS
  Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS

Via RHSA-2022:8897 https://access.redhat.com/errata/RHSA-2022:8897

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3596