{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3596", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2022-10-18T23:34:01.540Z", "datePublished": "2023-09-20T19:06:28.487Z", "dateUpdated": "2024-08-03T01:14:02.457Z"}, "containers": {"cna": {"title": "Instack-undercloud: rsync leaks information to undercloud", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13.0 - ELS", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "instack-undercloud", "defaultStatus": "affected", "versions": [{"version": "0:8.4.9-13.el7ost", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openstack:13::el7"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "instack-undercloud", "defaultStatus": "affected", "versions": [{"version": "0:8.4.9-13.el7ost", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openstack:13::el7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2022:8897", "name": "RHSA-2022:8897", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2022-3596", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136596", "name": "RHBZ#2136596", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2022-12-05T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-402", "description": "Transmission of Private Resources into a New Sphere ('Resource Leak')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')", "workarounds": [{"lang": "en", "value": "The rsync daemon is no longer needed and can be manually disabled by running the following commands on the undercloud:\n\n sudo rm /etc/xinetd.d/rsync /etc/rsyncd.conf \n sudo systemctl restart xinetd\n\nHowever, this will be reverted if the undercloud gets updated."}], "timeline": [{"lang": "en", "time": "2022-10-04T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-12-05T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Maciej Relewicz (Juniper Networks) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-03T15:32:25.112Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-03T19:52:27.052407Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:15:32.341Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:02.457Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2022:8897", "name": "RHSA-2022:8897", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2022-3596", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136596", "name": "RHBZ#2136596", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2022:8897", "name": "RHSA-2022:8897", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2022-3596", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136596", "name": "RHBZ#2136596", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:02.457Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-03T19:52:27.052407Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-03T19:52:34.791Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Instack-undercloud: rsync leaks information to undercloud", "credits": [{"lang": "en", "value": "Red Hat would like to thank Maciej Relewicz (Juniper Networks) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:openstack:13::el7"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13.0 - ELS", "versions": [{"status": "unaffected", "version": "0:8.4.9-13.el7ost", "lessThan": "*", "versionType": "rpm"}], "packageName": "instack-undercloud", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13::el7"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "versions": [{"status": "unaffected", "version": "0:8.4.9-13.el7ost", "lessThan": "*", "versionType": "rpm"}], "packageName": "instack-undercloud", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2022-10-04T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-12-05T00:00:00+00:00", "value": "Made public."}], "datePublic": "2022-12-05T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2022:8897", "name": "RHSA-2022:8897", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2022-3596", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136596", "name": "RHBZ#2136596", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "The rsync daemon is no longer needed and can be manually disabled by running the following commands on the undercloud:\n\n sudo rm /etc/xinetd.d/rsync /etc/rsyncd.conf \n sudo systemctl restart xinetd\n\nHowever, this will be reverted if the undercloud gets updated."}], "descriptions": [{"lang": "en", "value": "An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-402", "description": "Transmission of Private Resources into a New Sphere ('Resource Leak')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-03T15:32:25.112Z"}, "x_redhatCweChain": "CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')"}}, "cveMetadata": {"cveId": "CVE-2022-3596", "state": "PUBLISHED", "dateUpdated": "2024-08-03T01:14:02.457Z", "dateReserved": "2022-10-18T23:34:01.540Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-09-20T19:06:28.487Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:els:*:*:*", "matchCriteriaId": "DAB5A865-2253-4A36-853C-764C4060A6BD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials."}, {"lang": "es", "value": "Se encontr\u00f3 una fuga de informaci\u00f3n en la nube inferior de OpenStack. Esta falla permite a atacantes remotos no autenticados inspeccionar datos sensibles despu\u00e9s de descubrir la direcci\u00f3n IP de la nube, lo que posiblemente comprometa la informaci\u00f3n privada, incluidas las credenciales de acceso del administrador."}], "id": "CVE-2022-3596", "lastModified": "2024-05-03T16:15:08.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-09-20T20:15:11.217", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2022:8897"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-3596"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136596"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-402"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Maciej Relewicz (Juniper Networks) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:8897", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "instack-undercloud-0:8.4.9-13.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 - ELS", "release_date": "2022-12-08T00:00:00Z"}, {"advisory": "RHSA-2022:8897", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "instack-undercloud-0:8.4.9-13.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2022-12-08T00:00:00Z"}], "bugzilla": {"description": "instack-undercloud: rsync leaks information to undercloud", "id": "2136596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136596"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-402", "details": ["An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.", "An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials."], "mitigation": {"lang": "en:us", "value": "The rsync daemon is no longer needed and can be manually disabled by running the following commands on the undercloud:\nsudo rm /etc/xinetd.d/rsync /etc/rsyncd.conf \nsudo systemctl restart xinetd\nHowever, this will be reverted if the undercloud gets updated."}, "name": "CVE-2022-3596", "public_date": "2022-12-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3596\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3596"], "statement": "Red Hat OpenStack Platform releases other than 13 are not affected by this vulnerability. This is because they use a different architecture, which does not rely on rsync running on the undercloud.", "threat_severity": "Important"}