Sensitive Data Exposure in OpenStack TripleO Deployment Templates
CVE-2021-3585

5.5MEDIUM

Key Information:

Vendor
Openstack
Vendor
CVE Published:
26 August 2022

Summary

A security flaw has been identified in OpenStack TripleO Heat Templates, where plain-text passwords from the Red Hat Subscription Manager (RHSM) are unintentionally logged during the deployment process of OpenStack Platform 13. This exposure of sensitive credentials poses a risk to system security, as unauthorized access can be gained if logs are not properly secured. Users of affected versions are advised to review their log management practices and apply the latest updates to mitigate this vulnerability.

Affected Version(s)

openstack/tripleo-heat-templates. Fixed in openstack-tripleo-heat-templates-8.4.1

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.