5.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-3101

GHSA ID

GHSA-7x96-2w32-w3gw

EPSS Score

0.01222%

CWE

CWE-22

Published

3/23/2023

Updated

3/30/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-3101

CVE-2022-3101: tripleo-ansible may disclose important configuration details from an OpenStack deployment

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.

(GitHub Advisory)

5.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-3101

GHSA ID

GHSA-7x96-2w32-w3gw

EPSS Score

0.01222%

CWE

CWE-22

Published

3/23/2023

Updated

3/30/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
tripleo-ansible	pip	<= 6.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

* *l*w w*s *oun* in tripl*o-*nsi*l*. *u* to *n ins**ur* ****ult *on*i*ur*tion, t** p*rmissions o* * s*nsitiv* *il* *r* not su**i*i*ntly r*stri*t**. T*is *l*w *llows * lo**l *tt**k*r to us* *rut* *or** to *xplor* t** r*l*v*nt *ir**tory *n* *is*ov*r t*

Reasoning

No *n*lysis *v*il**l*

5.5

Basic Information

Concerned about an active attack path?

CVE-2022-3101: tripleo-ansible may disclose important configuration details from an OpenStack deployment

5.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI