An an information leak was discovered in OpenStack's undercloud. Rsync stores sensitive swift data (for example administrative credentials to the overcloud) in a manner that makes this information visible to local users of the undercloud. This enables potentially anyone with network access to the undercloud to further gain access to the rest of an OpenStack deployment.
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 - ELS Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS Via RHSA-2022:8897 https://access.redhat.com/errata/RHSA-2022:8897
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-3596