CVE-2021-3917
Summary
| CVE | CVE-2021-3917 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-08-23 20:15:00 UTC |
|---|
| Updated | 2022-08-26 19:15:00 UTC |
|---|
| Description | A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Change `/boot/ignition/config.ign` permissions to 0600 and delete it after provisioning · Issue #889 · coreos/fedora-coreos-tracker · GitHub |
MISC |
github.com |
|
| 2018478 – (CVE-2021-3917) CVE-2021-3917 coreos-installer: restrict access permissions on /boot/ignition{,/config.ign} |
MISC |
bugzilla.redhat.com |
|
| install: restrict access permissions on /boot/ignition{,/config.ign} · coreos/coreos-installer@2a36405 · GitHub |
MISC |
github.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 239937 Red Hat Update for OpenShift Container Platform 4.8.22 (RHSA-2021:4829)
- 770128 Red Hat OpenShift Container Platform 4.8 Security Update (RHSA-2021:4829)
