CVE-2021-3585
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD
Description
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
Affected (1)
Products: Openstack: Tripleo Heat Templates
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.4.1 |
Related CWEs
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
References (10)
Source: secalert@redhat.com
ExploitThird Party Advisory
Source: secalert@redhat.com
Issue TrackingPermissions Required
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPermissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Timeline
No history available yet.