Описание
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | coreos-installer | Fix deferred | ||
| Red Hat OpenShift Container Platform 4.8 | coreos-installer | Fixed | RHSA-2021:4829 | 30.11.2021 |
| Red Hat OpenShift Container Platform 4.9 | coreos-installer | Fixed | RHSA-2021:3758 | 18.10.2021 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-276
https://bugzilla.redhat.com/show_bug.cgi?id=2018478coreos-installer: restrict access permissions on /boot/ignition{,/config.ign}
5 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.5
nvd
больше 3 лет назад
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
CVSS3: 5.5
github
около 4 лет назад
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
5 Medium
CVSS3