Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/tripleo-ansible@0.8.1-2.20220406160116?arch=el8ost

Type rpm

Namespace redhat

Name tripleo-ansible

Version 0.8.1-2.20220406160116

Qualifiers

arch	el8ost

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-c9sv-ktet-3qb9

vulnerability_id

VCID-c9sv-ktet-3qb9

summary

tripleo-ansible may disclose important configuration details from an OpenStack deployment
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3101.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3101.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3101

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.05142
published_at	2026-06-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0514
published_at	2026-06-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.05158
published_at	2026-06-05T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.05144
published_at	2026-06-06T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.05138
published_at	2026-06-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.05099
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3101

reference_url

https://github.com/openstack/tripleo-ansible

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/tripleo-ansible

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2123870
reference_id	2123870
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2123870

reference_url

https://access.redhat.com/security/cve/CVE-2022-3101

reference_id

CVE-2022-3101

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T15:41:56Z/

url

https://access.redhat.com/security/cve/CVE-2022-3101

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3101

reference_id

CVE-2022-3101

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3101

reference_url

https://github.com/advisories/GHSA-7x96-2w32-w3gw

reference_id

GHSA-7x96-2w32-w3gw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7x96-2w32-w3gw

reference_url	https://access.redhat.com/errata/RHSA-2022:6969
reference_id	RHSA-2022:6969
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6969

fixed_packages

aliases

CVE-2022-3101, GHSA-7x96-2w32-w3gw

risk_score

3.3

exploitability

0.5

weighted_severity

6.6

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-c9sv-ktet-3qb9

url

VCID-hnyp-exvr-tyaw

vulnerability_id

VCID-hnyp-exvr-tyaw

summary

tripleo-ansible may disclose important configuration details from an OpenStack deployment
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3146.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3146.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3146

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.05142
published_at	2026-06-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0514
published_at	2026-06-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.05158
published_at	2026-06-05T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.05144
published_at	2026-06-06T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.05138
published_at	2026-06-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.05099
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3146

reference_url

https://github.com/openstack/tripleo-ansible

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/tripleo-ansible

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2124721
reference_id	2124721
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2124721

reference_url

https://access.redhat.com/security/cve/CVE-2022-3146

reference_id

CVE-2022-3146

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T15:41:08Z/

url

https://access.redhat.com/security/cve/CVE-2022-3146

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3146

reference_id

CVE-2022-3146

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3146

reference_url

https://github.com/advisories/GHSA-w4x6-6w3r-9h2m

reference_id

GHSA-w4x6-6w3r-9h2m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w4x6-6w3r-9h2m

reference_url	https://access.redhat.com/errata/RHSA-2022:6969
reference_id	RHSA-2022:6969
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6969

fixed_packages

aliases

CVE-2022-3146, GHSA-w4x6-6w3r-9h2m

risk_score

3.3

exploitability

0.5

weighted_severity

6.6

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-hnyp-exvr-tyaw

Fixing_vulnerabilities

Risk_score 3.3

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tripleo-ansible@0.8.1-2.20220406160116%3Farch=el8ost

Package Instance