Advisories for Pypi/Tripleo-Ansible package

2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.