Moderate severityNVD Advisory· Published Aug 23, 2022· Updated Aug 3, 2024
CVE-2021-3917
CVE-2021-3917
Description
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
coreos-installercrates.io | < 0.10.0 | 0.10.0 |
Affected products
2- coreos-installer/coreos-installerdescription
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-862g-9h5m-m3qvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-3917ghsaADVISORY
- access.redhat.com/security/cve/CVE-2021-3917ghsax_refsource_MISCWEB
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0cghsax_refsource_MISCWEB
- github.com/coreos/coreos-installer/releases/tag/v0.10.0ghsaWEB
- github.com/coreos/coreos-installer/security/advisories/GHSA-862g-9h5m-m3qvghsaWEB
- github.com/coreos/fedora-coreos-tracker/issues/889ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.