Flaw was found in tripleo-ansible. Ansible log file is accessible to all users during stack update/creation.

#getfacl /var/lib/mistral/overcloud/ansible.log
# owner: 42430
# group: 42430
user::rw-
group::r--
other::r-- ========> This is the problem

This was discovered/reported in a related flaw: https://bugzilla.redhat.com/show_bug.cgi?id=1936278
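An audit for the condition shown in the getfacl output above, added here as an example and not taken from tripleo-ansible or from the fix. The function names and the EXPOSED/MASKED labels are assumptions of this example; it checks only the base mode bits, not extended ACL entries or directories above the audited root.

```shell
#!/bin/sh
# Added example (not tripleo-ansible code): report ansible.log files whose
# mode grants read to "other", as in the getfacl output from the report.

# Succeeds if every directory from the audit root ($1) down to the parent of
# the file ($2) grants "other" the search (x) bit. Ancestors above the audit
# root and extended ACL entries are not examined (assumption of this example).
reachable_by_other() {
    top=$1
    dir=$(dirname "$2")
    while :; do
        # find prints the directory only when the o+x bit is set
        [ -n "$(find "$dir" -prune -perm -001)" ] || return 1
        case $dir in "$top"|/|.) return 0 ;; esac
        dir=$(dirname "$dir")
    done
}

# Print one line per world-readable ansible.log under $1:
#   EXPOSED <path>  other::r-- and every directory below the root is o+x
#   MASKED <path>   other::r-- but a directory on the way blocks "other"
audit_logs() {
    audit_root=${1%/}
    [ -n "$audit_root" ] || audit_root=/
    find "$audit_root" -type f -name ansible.log -perm -004 2>/dev/null |
    while IFS= read -r f; do
        if reachable_by_other "$audit_root" "$f"; then
            echo "EXPOSED $f"
        else
            echo "MASKED $f"
        fi
    done
}

# Stand-alone use: pass the directory to audit, e.g. /var/lib/mistral
if [ "$#" -gt 0 ]; then
    audit_logs "$1"
fi
```

A MASKED result still deserves a mode change on the file, since the exposure returns as soon as the blocking directory's permissions are relaxed.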
Lifting embargo; the original reporting bug (which this spawned from) was already public.
Created tripleo-ansible tracking bugs for this issue: Affects: openstack-rdo [bug 1955268]
Acknowledgments: Name: Cédric Jeanneret (Red Hat)
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2021:2119 https://access.redhat.com/errata/RHSA-2021:2119
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-31918