CVE-2022-3261 MEDIUM

CVE-2022-3261: Plain-text passwords saved in /var/log/messages

Vendor N/A
Product openstack
Weakness CWE-256
Published September 15, 2023
Last update September 25, 2024

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

Key dates

02Disclosure timeline

September 15, 2023 CVE published
September 25, 2024 Record updated