Sensitive Data Exposure in OpenStack TripleO Deployment Templates
CVE-2021-3585
5.5MEDIUM
Key Information:
- Vendor
- Openstack
- Vendor
- CVE Published:
- 26 August 2022
Summary
A security flaw has been identified in OpenStack TripleO Heat Templates, where plain-text passwords from the Red Hat Subscription Manager (RHSM) are unintentionally logged during the deployment process of OpenStack Platform 13. This exposure of sensitive credentials poses a risk to system security, as unauthorized access can be gained if logs are not properly secured. Users of affected versions are advised to review their log management practices and apply the latest updates to mitigate this vulnerability.
Affected Version(s)
openstack/tripleo-heat-templates. Fixed in openstack-tripleo-heat-templates-8.4.1
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved