CVE-2022-3101

Public on

Last Modified: UTC

ImportantImportant ImpactWhat does this mean?
DescriptionAdditional informationAffected PackagesCVSS Score DetailsWeakness (CWE)AcknowledgementsFAQ

Description

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.

Additional information

  • Bugzilla 2123870: tripleo-ansible: /var/lib/mistral/overcloud discoverable
  • CWE-22->CWE-276->CWE-732: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') leads to Incorrect Default Permissions leads to Incorrect Permission Assignment for Critical Resource
  • FAQ: Frequently asked questions about CVE-2022-3101

Common Vulnerability Scoring System (CVSS) Score Details

Important note

CVSS scores for open source components depend on vendor-specific factors (e.g. version or build chain). Therefore, Red Hat's score and impact rating can be different from NVD and other vendors. Red Hat remains the authoritative CVE Naming Authority (CNA) source for its products and services (see Red Hat classifications).

CVSS v3 Score Breakdown
Red HatNVD

CVSS v3 Base Score

7.3

5.5

Attack Vector

Local

Local

Attack Complexity

Low

Low

Privileges Required

Low

Low

User Interaction

None

None

Scope

Changed

Unchanged

Confidentiality Impact

Low

High

Integrity Impact

None

None

Availability Impact

High

None

CVSS v3 Vector

Red Hat: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

NVD: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Understanding the Weakness (CWE)

CWE-22

Integrity,Confidentiality,Availability

Technical Impact: Execute Unauthorized Code or Commands

The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.

Integrity

Technical Impact: Modify Files or Directories

The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication.

Confidentiality

Technical Impact: Read Files or Directories

The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system.

Availability

Technical Impact: DoS: Crash, Exit, or Restart

The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the product from working at all and in the case of protection mechanisms such as authentication, it has the potential to lock out product users.

 CWE-276

Confidentiality,Integrity

Technical Impact: Read Application Data; Modify Application Data

 CWE-732

Confidentiality

Technical Impact: Read Application Data; Read Files or Directories

An attacker may be able to read sensitive information from the associated resource, such as credentials or configuration information stored in a file.

Access Control

Technical Impact: Gain Privileges or Assume Identity

An attacker may be able to modify critical properties of the associated resource to gain privileges, such as replacing a world-writable executable with a Trojan horse.

Integrity,Other

Technical Impact: Modify Application Data; Other

An attacker may be able to destroy or corrupt critical data in the associated resource, such as deletion of records from a database.

Acknowledgements

This issue was discovered by Dave Hill (Red Hat).

Frequently Asked Questions

Why is Red Hat's CVSS v3 score or Impact different from other vendors?

My product is listed as "Under investigation" or "Affected", when will Red Hat release a fix for this vulnerability?

What can I do if my product is listed as "Will not fix"?

What can I do if my product is listed as "Fix deferred"?

What is a mitigation?

I have a Red Hat product but it is not in the above list, is it affected?

Why is my security scanner reporting my product as vulnerable to this vulnerability even though my product version is fixed or not affected?

Want to get errata notifications? Sign up here.