Vulnerability Description
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
CVSS Score
5.5
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Tripleo Heat Templates | < 8.4.1 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2021-3585Third Party Advisory
- https://bugs.launchpad.net/tripleo/+bug/1931132ExploitThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1961709Issue TrackingPermissions Required
- https://bugzilla.redhat.com/show_bug.cgi?id=1968247Issue TrackingThird Party Advisory
- https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988PatchThird Party Advisory
- https://access.redhat.com/security/cve/CVE-2021-3585Third Party Advisory
- https://bugs.launchpad.net/tripleo/+bug/1931132ExploitThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1961709Issue TrackingPermissions Required
- https://bugzilla.redhat.com/show_bug.cgi?id=1968247Issue TrackingThird Party Advisory
- https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988PatchThird Party Advisory
FAQ
What is CVE-2021-3585?
CVE-2021-3585 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
How severe is CVE-2021-3585?
CVE-2021-3585 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3585?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Tripleo Heat Templates.