crates.io package
coreos-installer
pkg:cargo/coreos-installer
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3917 | — | < 0.10.0 | 0.10.0 | Aug 23, 2022 | A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confide | ||
| CVE-2021-20319 | — | < 0.10.1 | 0.10.1 | Mar 4, 2022 | An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original i |
- CVE-2021-3917Aug 23, 2022affected < 0.10.0fixed 0.10.0
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confide
- CVE-2021-20319Mar 4, 2022affected < 0.10.1fixed 0.10.1
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original i