Sensitive Data Exposure in OpenStack TripleO Deployment Templates
CVE-2021-3585

5.5MEDIUM

Key Information:

Vendor: Openstack
Status: Openstack/tripleo-heat-templates.
Vendor: CVE Published:; 26 August 2022

What is CVE-2021-3585?

A security flaw has been identified in OpenStack TripleO Heat Templates, where plain-text passwords from the Red Hat Subscription Manager (RHSM) are unintentionally logged during the deployment process of OpenStack Platform 13. This exposure of sensitive credentials poses a risk to system security, as unauthorized access can be gained if logs are not properly secured. Users of affected versions are advised to review their log management practices and apply the latest updates to mitigate this vulnerability.

Affected Version(s)

openstack/tripleo-heat-templates. Fixed in openstack-tripleo-heat-templates-8.4.1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1961709

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1968247

x_refsource_MISC

https://bugs.launchpad.net/tripleo/+bug/1931132

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2022
Vulnerability Reserved
Jun 7, 2021

Openstack

What is CVE-2021-3585?

Affected Version(s)

References

CVSS V3.1

Timeline