Veracode Vulnerability Database: VERACODE:40416
Published May 08, 2023 - 1:20 p.m.

Improper Authorization

Source: sca.analysiscenter.veracode.com
Tags: github, metal3-io, baremetal operator, etcd storage, configmaps, ironic, ironic-inspector, cluster-wide access

EPSS score: 0 (9.0th percentile)

github.com/metal3-io/baremetal-operator is vulnerable to Improper Authorization. When Ironic and Ironic-inspector are installed within Baremetal Operator using the supplied deploy.sh script, their .htpasswd files are stored as ConfigMaps rather than as Secrets. Anyone with access to the management cluster's etcd storage, or with cluster-wide read access (which in Kubernetes covers ConfigMaps and is typically granted far more freely than read access to Secrets), can read the plain-text login name and the hashed password, and the hash can then be attacked offline.
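The following script is an added example, not part of the Veracode entry and not code from the baremetal-operator project. It runs offline over a constructed `kubectl get configmaps -A -o json` listing (the namespace, object names and the bcrypt hash are made up for the example), flags ConfigMap entries that carry htpasswd material, by key name or by the shape of the value, and builds the Secret manifest that should hold that material instead:

```python
"""Detect .htpasswd material stored in Kubernetes ConfigMaps and emit the
equivalent Secret manifest. Added example; not metal3/baremetal-operator code.
Runs offline over a constructed `kubectl get configmaps -A -o json` listing."""
import base64
import json
import re

# Constructed sample input. Namespace, names and the bcrypt hash are made up
# for this example; the hash is not a real credential.
SAMPLE_CONFIGMAP_LIST = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {   # the weak setting: credential material kept in a ConfigMap
            "apiVersion": "v1",
            "kind": "ConfigMap",
            "metadata": {"name": "ironic-htpasswd", "namespace": "metal3"},
            "data": {"htpasswd": "ironic-user:$2y$05$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"},
        },
        {   # ordinary configuration that belongs in a ConfigMap
            "apiVersion": "v1",
            "kind": "ConfigMap",
            "metadata": {"name": "ironic-bmo-configmap", "namespace": "metal3"},
            "data": {"HTTP_PORT": "6180", "PROVISIONING_INTERFACE": "eth1"},
        },
    ],
})

# One htpasswd record: "<user>:<hash>", with the hash in bcrypt ($2a$/$2b$/$2y$),
# Apache apr1-MD5 ($apr1$), SHA-1 ({SHA}) or 13-character crypt(3) form.
_HTPASSWD_LINE = re.compile(
    r"^[^:\s]+:("
    r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}"
    r"|\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"
    r"|\{SHA\}[A-Za-z0-9+/]{27}="
    r"|[./A-Za-z0-9]{13}"
    r")$"
)


def is_htpasswd_value(value: str) -> bool:
    """True when every non-empty line of `value` is an htpasswd record."""
    lines = [ln for ln in value.splitlines() if ln.strip()]
    return bool(lines) and all(_HTPASSWD_LINE.match(ln) for ln in lines)


def find_htpasswd_configmaps(configmap_list_json: str) -> list[tuple[str, str, str]]:
    """Return (namespace, name, key) for every ConfigMap data entry that looks
    like htpasswd content, judged by the key name or by the value's shape."""
    findings = []
    for item in json.loads(configmap_list_json).get("items", []):
        if item.get("kind") != "ConfigMap":
            continue
        meta = item["metadata"]
        for key, value in item.get("data", {}).items():
            if "htpasswd" in key.lower() or is_htpasswd_value(value):
                findings.append((meta["namespace"], meta["name"], key))
    return findings


def to_secret_manifest(configmap: dict) -> dict:
    """Build the Secret that should replace a credential-bearing ConfigMap.
    Secret.data is base64-encoded, and get/list on secrets is an RBAC grant
    separate from configmaps, so a ConfigMap-only reader no longer sees it."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {
            "name": configmap["metadata"]["name"],
            "namespace": configmap["metadata"]["namespace"],
        },
        "data": {
            k: base64.b64encode(v.encode()).decode()
            for k, v in configmap.get("data", {}).items()
        },
    }


def harden(configmap_list_json: str) -> list[dict]:
    """Secret manifests for every ConfigMap flagged by find_htpasswd_configmaps."""
    flagged = {(ns, name) for ns, name, _ in find_htpasswd_configmaps(configmap_list_json)}
    return [
        to_secret_manifest(item)
        for item in json.loads(configmap_list_json).get("items", [])
        if item.get("kind") == "ConfigMap"
        and (item["metadata"]["namespace"], item["metadata"]["name"]) in flagged
    ]


def decode_secret_value(secret: dict, key: str) -> str:
    """Inverse of the encoding in to_secret_manifest, for checking the result."""
    return base64.b64decode(secret["data"][key]).decode()


if __name__ == "__main__":
    for ns, name, key in find_htpasswd_configmaps(SAMPLE_CONFIGMAP_LIST):
        print(f"credential material in ConfigMap {ns}/{name}, key {key!r}")
    for secret in harden(SAMPLE_CONFIGMAP_LIST):
        print(json.dumps(secret, indent=2))
```

Moving the file into a Secret only changes the Kubernetes RBAC boundary; it does not encrypt the value in etcd. Whoever can read etcd directly still obtains the hash unless encryption at rest is configured for Secrets, and a credential that has already been exposed through a ConfigMap should be rotated rather than merely re-homed.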
