Lucene search
RedhatCVELIST:CVE-2021-3917HistoryAug 23, 2022 - 7:03 p.m.
CVE-2021-3917
2022-08-2319:03:22
CWE-276
redhat
www.cve.org
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
CNA Affected
[
{
"product": "coreos-installer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in coreos-installer 0.10.0"
}
]
}
]Related
redhatcve
redhatcve
CVE-2021-3917
2021-11-01 10:12:42
prion
prion
Security feature bypass
2022-08-23 20:15:00
nessus
nessus
RHEL 8 : coreos-installer (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.9.0 (RHSA-2021:3758)
2022-09-15 00:00:00
RHEL 8 : OpenShift Container Platform 4.8.22 (RHSA-2021:4829)
2021-12-01 00:00:00
github
github
cve
cve
CVE-2021-3917
2022-08-23 20:15:08
osv
osv
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
2021-11-08 18:01:13
CVE-2021-3917
2022-08-23 20:15:08
nvd
nvd
CVE-2021-3917
2022-08-23 20:15:08
redhat
redhat