Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:6969: Red Hat Security Advisory: Red Hat OpenStack Platform (tripleo-ansible) security update

An update for tripleo-ansible is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3101: tripleo-ansible: /var/lib/mistral/overcloud discoverable
  • CVE-2022-3146: tripleo-ansible: /etc/openstack/clouds.yaml discoverable
Red Hat Security Data
Open in Source
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-10-17

Updated:

2022-10-17

RHSA-2022:6969 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: Red Hat OpenStack Platform (tripleo-ansible) security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tripleo-ansible is now available for Red Hat OpenStack
Platform.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

TripleO Ansible project repository. Contains playbooks for use with TripleO
OpenStack deployments. https://opendev.org

Security Fix(es):

  • /var/lib/mistral/overcloud discoverable (CVE-2022-3101)
  • /etc/openstack/clouds.yaml discoverable (CVE-2022-3146)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack 16.2 x86_64
  • Red Hat OpenStack 16.1 x86_64
  • Red Hat OpenStack for IBM Power 16.2 ppc64le
  • Red Hat OpenStack for IBM Power 16.1 ppc64le

Fixes

  • BZ - 2120660 - CVE-2022-3101 tripleo-ansible: File permissions are too liberal on a director deployment [openstack-16.2]
  • BZ - 2123767 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml got 644 permission [openstack-16.2]
  • BZ - 2123870 - CVE-2022-3101 tripleo-ansible: /var/lib/mistral/overcloud discoverable
  • BZ - 2124721 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml discoverable
  • BZ - 2124732 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml got 644 permission [openstack-16.1]
  • BZ - 2130109 - ceph inventory linking fails with permission issues
  • BZ - 2130598 - ceph inventory linking fails with permission issues

Red Hat OpenStack 16.2

SRPM

openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.src.rpm

SHA-256: f48f72c8380dc8e1e960f938c71e6a13cce9fe557e8bae00d07f89133060b7b9

openstack-tripleo-heat-templates-11.6.1-2.20220409014870.el8ost.src.rpm

SHA-256: 6b467d779759dd04c13777b24ea8ce3f88e44737a46a1193e50a014d3f90b489

tripleo-ansible-0.8.1-2.20220406160116.el8ost.src.rpm

SHA-256: a67045c8a0466d6e05bf78c2218d3da40880822a5affb7d172230eb49888eb84

x86_64

openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.noarch.rpm

SHA-256: 6e17379f8e130b4112605fd682aa4392c1fe8b5c7121c3036604ad9b5801ae88

openstack-tripleo-common-container-base-11.7.1-2.20220318011206.el8ost.noarch.rpm

SHA-256: f3956ea47a92d5ff01626981e652d9cd6ec9931ca3cc645429bd28e437c767f7

openstack-tripleo-common-containers-11.7.1-2.20220318011206.el8ost.noarch.rpm

SHA-256: e15bb86e280339403cd38cdcaa69b3d92e08dee695957ba8f917f4e4de0f9781

openstack-tripleo-common-devtools-11.7.1-2.20220318011206.el8ost.noarch.rpm

SHA-256: cdd52bfb762939b26aa07fd85ec94786f825929494a9ae064a25d8d60c506147

openstack-tripleo-heat-templates-11.6.1-2.20220409014870.el8ost.noarch.rpm

SHA-256: fcd676f61c26b038e4be859ad595b25aaeafb663ad400f2897c49228ca08b78a

python3-tripleo-common-11.7.1-2.20220318011206.el8ost.noarch.rpm

SHA-256: 4d52eddfe25803ba4e5bd113cef53b4e45824ac7accf1fb18a7784eb33c68810

tripleo-ansible-0.8.1-2.20220406160116.el8ost.noarch.rpm

SHA-256: b589d1ae61c40268e0584d05c1242fc440083f93011853638fd309f6deae985b

Red Hat OpenStack 16.1

SRPM

openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.src.rpm

SHA-256: b05dcd16072c54ae6963510d70f080c8ad3808dde4b643d9e188be1ecc3d5118

openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.src.rpm

SHA-256: c117a8f15a82fb95ec6412e5b79a5b437fba109e43ca75e8a93c59d89f17833e

tripleo-ansible-0.5.1-1.20220114163454.el8ost.src.rpm

SHA-256: d8e24ea38c8fbefcc3d0861fa0d7846396253c83376c81ff117eb80aec122d49

x86_64

openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm

SHA-256: 0ec60639baf61246541ad7697a9d4548e11a0e68c0bf507e2190186cfeca5e2d

openstack-tripleo-common-container-base-11.4.1-1.20211201113404.el8ost.noarch.rpm

SHA-256: aaba838e821791d94930c24d342f3e17f57adcabd6c17311a714a5468ba141af

openstack-tripleo-common-containers-11.4.1-1.20211201113404.el8ost.noarch.rpm

SHA-256: 6c6318ef4fcaae0b14ee3f0e59cb643accd8e39ab6baa6831d3ccdd5b405f215

openstack-tripleo-common-devtools-11.4.1-1.20211201113404.el8ost.noarch.rpm

SHA-256: 2d2502cd0e974122a45128aaa3b314e6047f2aeb9bcdaedffc614eedbbda6b20

openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.noarch.rpm

SHA-256: 3921a4d3bbbbfecf0317584b313599dfa6c60a351bef4c285268e608028261cf

python3-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm

SHA-256: 470009faec8bc07813b00baf4977d01f5aa84ca7263a17ae6815a4cbc2d20ac3

tripleo-ansible-0.5.1-1.20220114163454.el8ost.noarch.rpm

SHA-256: bde63762cec10ff6bfbc58128c38ad3acd1a0e336725001bc95547fb56c5bebe

Red Hat OpenStack for IBM Power 16.2

SRPM

openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.src.rpm

SHA-256: f48f72c8380dc8e1e960f938c71e6a13cce9fe557e8bae00d07f89133060b7b9

openstack-tripleo-heat-templates-11.6.1-2.20220409014870.el8ost.src.rpm

SHA-256: 6b467d779759dd04c13777b24ea8ce3f88e44737a46a1193e50a014d3f90b489

tripleo-ansible-0.8.1-2.20220406160116.el8ost.src.rpm

SHA-256: a67045c8a0466d6e05bf78c2218d3da40880822a5affb7d172230eb49888eb84

ppc64le

openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.noarch.rpm

SHA-256: 6e17379f8e130b4112605fd682aa4392c1fe8b5c7121c3036604ad9b5801ae88

openstack-tripleo-common-container-base-11.7.1-2.20220318011206.el8ost.noarch.rpm

SHA-256: f3956ea47a92d5ff01626981e652d9cd6ec9931ca3cc645429bd28e437c767f7

openstack-tripleo-common-containers-11.7.1-2.20220318011206.el8ost.noarch.rpm

SHA-256: e15bb86e280339403cd38cdcaa69b3d92e08dee695957ba8f917f4e4de0f9781

openstack-tripleo-common-devtools-11.7.1-2.20220318011206.el8ost.noarch.rpm

SHA-256: cdd52bfb762939b26aa07fd85ec94786f825929494a9ae064a25d8d60c506147

openstack-tripleo-heat-templates-11.6.1-2.20220409014870.el8ost.noarch.rpm

SHA-256: fcd676f61c26b038e4be859ad595b25aaeafb663ad400f2897c49228ca08b78a

python3-tripleo-common-11.7.1-2.20220318011206.el8ost.noarch.rpm

SHA-256: 4d52eddfe25803ba4e5bd113cef53b4e45824ac7accf1fb18a7784eb33c68810

tripleo-ansible-0.8.1-2.20220406160116.el8ost.noarch.rpm

SHA-256: b589d1ae61c40268e0584d05c1242fc440083f93011853638fd309f6deae985b

Red Hat OpenStack for IBM Power 16.1

SRPM

openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.src.rpm

SHA-256: b05dcd16072c54ae6963510d70f080c8ad3808dde4b643d9e188be1ecc3d5118

openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.src.rpm

SHA-256: c117a8f15a82fb95ec6412e5b79a5b437fba109e43ca75e8a93c59d89f17833e

tripleo-ansible-0.5.1-1.20220114163454.el8ost.src.rpm

SHA-256: d8e24ea38c8fbefcc3d0861fa0d7846396253c83376c81ff117eb80aec122d49

ppc64le

openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm

SHA-256: 0ec60639baf61246541ad7697a9d4548e11a0e68c0bf507e2190186cfeca5e2d

openstack-tripleo-common-container-base-11.4.1-1.20211201113404.el8ost.noarch.rpm

SHA-256: aaba838e821791d94930c24d342f3e17f57adcabd6c17311a714a5468ba141af

openstack-tripleo-common-containers-11.4.1-1.20211201113404.el8ost.noarch.rpm

SHA-256: 6c6318ef4fcaae0b14ee3f0e59cb643accd8e39ab6baa6831d3ccdd5b405f215

openstack-tripleo-common-devtools-11.4.1-1.20211201113404.el8ost.noarch.rpm

SHA-256: 2d2502cd0e974122a45128aaa3b314e6047f2aeb9bcdaedffc614eedbbda6b20

openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.noarch.rpm

SHA-256: 3921a4d3bbbbfecf0317584b313599dfa6c60a351bef4c285268e608028261cf

python3-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm

SHA-256: 470009faec8bc07813b00baf4977d01f5aa84ca7263a17ae6815a4cbc2d20ac3

tripleo-ansible-0.5.1-1.20220114163454.el8ost.noarch.rpm

SHA-256: bde63762cec10ff6bfbc58128c38ad3acd1a0e336725001bc95547fb56c5bebe

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

GHSA-w4x6-6w3r-9h2m: tripleo-ansible may disclose important configuration details from an OpenStack deployment

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

GHSA-7x96-2w32-w3gw: tripleo-ansible may disclose important configuration details from an OpenStack deployment

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.

CVE-2022-3101: Red Hat Customer Portal - Access to 24x7 support and knowledge

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.

CVE-2022-3146: Red Hat Customer Portal - Access to 24x7 support and knowledge

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

Red Hat Security Advisory 2022-6969-01

Red Hat Security Advisory 2022-6969-01 - An update for tripleo-ansible is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data