CVE-2022-3596

Instack-undercloud: rsync leaks information to undercloud

Description

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.

Remediation

Workaround:

The rsync daemon is no longer needed and can be manually disabled by running the following commands on the undercloud: sudo rm /etc/xinetd.d/rsync /etc/rsyncd.conf sudo systemctl restart xinetd However, this will be reverted if the undercloud gets updated.

References

Link	Tags
https://access.redhat.com/errata/RHSA-2022:8897	vendor advisory
https://access.redhat.com/security/cve/CVE-2022-3596	vendor advisory mitigation vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2136596	vendor advisory issue tracking

Frequently Asked Questions

What is the severity of CVE-2022-3596?: CVE-2022-3596 has been scored as a high severity vulnerability.
How to fix CVE-2022-3596?: As a workaround for remediating CVE-2022-3596: The rsync daemon is no longer needed and can be manually disabled by running the following commands on the undercloud: sudo rm /etc/xinetd.d/rsync /etc/rsyncd.conf sudo systemctl restart xinetd However, this will be reverted if the undercloud gets updated.
Is CVE-2022-3596 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-3596 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-3596?: CVE-2022-3596 affects Red Hat Red Hat OpenStack Platform 13.0 - ELS, Red Hat Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS.

Description

Remediation

Category

CWE-402 – Transmission of Private Resources into a New Sphere ('Resource Leak')

References

Frequently Asked Questions