Sensitive Data Exposure in OpenStack TripleO Deployment Templates
CVE-2021-3585

5.5MEDIUM

Key Information:

Vendor
Openstack
Status
Openstack/tripleo-heat-templates.
Vendor
CVE Published:
26 August 2022

Summary

A security flaw has been identified in OpenStack TripleO Heat Templates, where plain-text passwords from the Red Hat Subscription Manager (RHSM) are unintentionally logged during the deployment process of OpenStack Platform 13. This exposure of sensitive credentials poses a risk to system security, as unauthorized access can be gained if logs are not properly secured. Users of affected versions are advised to review their log management practices and apply the latest updates to mitigate this vulnerability.

Affected Version(s)

openstack/tripleo-heat-templates. Fixed in openstack-tripleo-heat-templates-8.4.1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1961709
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1968247
x_refsource_MISC
https://bugs.launchpad.net/tripleo/+bug/1931132
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.