Medium severity6.5NVD Advisory· Published May 17, 2022· Updated Jun 17, 2026
CVE-2022-1706
CVE-2022-1706
Description
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/coreos/ignition/v2Go | < 2.14.0 | 2.14.0 |
github.com/coreos/ignitionGo | < 2.14.0 | 2.14.0 |
Affected products
17- Ignition/Ignitiondescription
- osv-coords16 versionspkg:apk/chainguard/cluster-api-aws-controller-compatpkg:apk/chainguard/cluster-api-aws-controller-fips-compatpkg:apk/wolfi/cluster-api-aws-controller-compatpkg:golang/github.com/coreos/ignitionpkg:golang/github.com/coreos/ignition/v2pkg:rpm/almalinux/ignitionpkg:rpm/opensuse/ignition&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/systemd-presets-common-SUSE&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/systemd-presets-common-SUSE&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/systemd-presets-common-SUSE&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/suse/ignition&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/ignition&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/systemd-presets-common-SUSE&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/systemd-presets-common-SUSE&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/systemd-presets-common-SUSE&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/systemd-presets-common-SUSE&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
< 2.9.2-r0+ 15 more
- (no CPE)range: < 2.9.2-r0
- (no CPE)range: < 2.9.2-r1
- (no CPE)range: < 2.9.2-r0
- (no CPE)range: < 2.14.0
- (no CPE)range: < 2.14.0
- (no CPE)range: < 2.14.0-1.el9
- (no CPE)range: < 2.14.0-150300.6.7.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 2.14.0-150300.4.7.1
- (no CPE)range: < 2.14.0-150300.6.7.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 15-150100.8.17.1
- (no CPE)range: < 15-150100.8.17.1
Patches
Vulnerability mechanics
References
10- github.com/coreos/ignition/commit/4b70b44b430ecf8377a276e89b5acd3a6957d4eanvdPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor Advisory
- github.com/advisories/GHSA-hj57-j5cw-2mwpghsaADVISORY
- github.com/coreos/ignition/issues/1300nvdThird Party AdvisoryWEB
- github.com/coreos/ignition/issues/1315nvdThird Party Advisory
- github.com/coreos/ignition/pull/1350nvdThird Party AdvisoryWEB
- github.com/coreos/ignition/security/advisories/GHSA-hj57-j5cw-2mwpghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LY7LKGMQMXV6DGD263YQHNSLOJJ5VLV5/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NP765L7TJI7CD4XVOHUWZVRYRH3FYBOR/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5QQXRGQKTN4YX2ZF3GQNEBDEOKJGCN3/nvd
News mentions
0No linked articles in our index yet.