CVE-2022-3596 HIGH

CVE-2022-3596: Instack-undercloud: rsync leaks information to undercloud

Weakness CWE-402
Published September 20, 2023
Last update August 3, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.

Key dates

02Disclosure timeline

September 20, 2023 CVE published
August 3, 2024 Record updated