Description
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
References
- Patch, Vendor Advisory
- Issue Tracking, Vendor Advisory
- Patch, Third Party Advisory
- Issue Tracking, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 0.10.0 (exclusive)
cpe:2.3:a:redhat:coreos-installer:*:*:*:*:*:*:*:*
EPSS: 0.00106 (percentile: 29%, Low)
CVSS3: 5.5 Medium
Weaknesses
CWE-276
Related vulnerabilities
CVSS3: 5
redhat
more than 4 years ago
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
CVSS3: 5.5
github
about 4 years ago
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system