PT-2021-19593 · Red Hat · Tripleo-Ansible
Pedro Sampaio · Published 2021-05-06 · Updated 2022-10-25 · CVE-2021-31918
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
tripleo-ansible version as shipped in Red Hat OpenStack 16.1
Description:
A flaw was found in the software: the Ansible log file is readable by all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.
Recommendations:
For tripleo-ansible version as shipped in Red Hat OpenStack 16.1, consider restricting access to the Ansible log file to minimize the risk of exploitation.
Fix
Information Disclosure
Incorrect Permission
Related Identifiers
Affected Products
Tripleo-Ansible