Vulnerability Details : CVE-2021-31918
A flaw was found in the version of tripleo-ansible shipped in Red Hat OpenStack 16.1. The Ansible log file is readable by all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.
Vulnerability category: Information leak
Products affected by CVE-2021-31918
- cpe:2.3:a:redhat:openstack:16.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-31918
- EPSS score: 0.29% (probability of exploitation activity in the next 30 days)
- Percentile: ~49% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-31918
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-31918
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: secalert@redhat.com (Secondary)
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-31918
- https://bugzilla.redhat.com/show_bug.cgi?id=1954250
  1954250 – (CVE-2021-31918) CVE-2021-31918 tripleo-ansible: ansible.log file is visible to unprivileged users (Issue Tracking; Vendor Advisory)