Moderate severityNVD Advisory· Published May 17, 2022· Updated Aug 3, 2024
CVE-2022-1706
CVE-2022-1706
Description
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/coreos/ignition/v2Go | < 2.14.0 | 2.14.0 |
github.com/coreos/ignitionGo | < 2.14.0 | 2.14.0 |
Affected products
17- Ignition/Ignitiondescription
- osv-coords16 versionspkg:apk/chainguard/cluster-api-aws-controller-compatpkg:apk/chainguard/cluster-api-aws-controller-fips-compatpkg:apk/wolfi/cluster-api-aws-controller-compatpkg:golang/github.com/coreos/ignitionpkg:golang/github.com/coreos/ignition/v2pkg:rpm/almalinux/ignitionpkg:rpm/opensuse/ignition&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/systemd-presets-common-SUSE&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/systemd-presets-common-SUSE&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/systemd-presets-common-SUSE&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/suse/ignition&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/ignition&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/systemd-presets-common-SUSE&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/systemd-presets-common-SUSE&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/systemd-presets-common-SUSE&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/systemd-presets-common-SUSE&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
< 2.9.2-r0+ 15 more
- (no CPE)range: < 2.9.2-r0
- (no CPE)range: < 2.9.2-r1
- (no CPE)range: < 2.9.2-r0
- (no CPE)range: < 2.14.0
- (no CPE)range: < 2.14.0
- (no CPE)range: < 2.14.0-1.el9
- (no CPE)range: < 2.14.0-150300.6.7.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 2.14.0-150300.4.7.1
- (no CPE)range: < 2.14.0-150300.6.7.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 15-150100.8.17.1
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-hj57-j5cw-2mwpghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LY7LKGMQMXV6DGD263YQHNSLOJJ5VLV5/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NP765L7TJI7CD4XVOHUWZVRYRH3FYBOR/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5QQXRGQKTN4YX2ZF3GQNEBDEOKJGCN3/mitrevendor-advisory
- github.com/coreos/ignition/issues/1300ghsaWEB
- github.com/coreos/ignition/pull/1350ghsaWEB
- github.com/coreos/ignition/security/advisories/GHSA-hj57-j5cw-2mwpghsaWEB
- bugzilla.redhat.com/show_bug.cgimitre
- github.com/coreos/ignition/commit/4b70b44b430ecf8377a276e89b5acd3a6957d4eamitre
- github.com/coreos/ignition/issues/1315mitre
News mentions
0No linked articles in our index yet.