7.5

CVE-2022-3261

Plain-text passwords saved in /var/log/messages

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatOpenstack Platform Version16.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.206
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
secalert@redhat.com 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-256 Plaintext Storage of a Password

The product stores a password in plaintext within resources such as memory or files.

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://access.redhat.com/security/cve/CVE-2022-3261
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2128834
Vendor Advisory
Issue Tracking