Vulnerability Details : CVE-2022-3596
An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.
Products affected by CVE-2022-3596
- cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:els:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3596
- 0.48%: Probability of exploitation activity in the next 30 days
- ~76%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-3596
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 3.9 | 4.0 | Red Hat, Inc. | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | Red Hat, Inc. | 2024-05-03 |
CWE ids for CVE-2022-3596
- The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product. Assigned by: secalert@redhat.com (Secondary)
References for CVE-2022-3596
- https://access.redhat.com/security/cve/CVE-2022-3596
  CVE-2022-3596 - Red Hat Customer Portal (Mitigation; Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2136596
  2136596 – (CVE-2022-3596) CVE-2022-3596 instack-undercloud: rsync leaks information to undercloud (Issue Tracking; Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2022:8897
  RHSA-2022:8897 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)