CVE-2022-3596

Published: Sep 20, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.

Affected (2)

Products: Redhat: Openstack Platform

1 product

Openstack Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack Platform	Version 13.0
Redhat Openstack Platform	Version 13.0

Related CWEs

Transmission of Private Resources into a New Sphere ('Resource Leak')

The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.

References (6)

https://access.redhat.com/errata/RHSA-2022:8897

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2022-3596

Source: secalert@redhat.com

MitigationVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2136596

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/errata/RHSA-2022:8897

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2022-3596

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2136596

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.