Search criteria
4 vulnerabilities found for coreos-installer by redhat
CVE-2021-3917 (GCVE-0-2021-3917)
Vulnerability from nvd – Published: 2022-08-23 19:03 – Updated: 2024-08-03 17:09
VLAI?
Summary
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
Severity ?
No CVSS data available.
CWE
- CWE-276 - - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | coreos-installer |
Affected:
Fixed in coreos-installer 0.10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coreos/fedora-coreos-tracker/issues/889"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "coreos-installer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in coreos-installer 0.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 - Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T19:03:22",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreos/fedora-coreos-tracker/issues/889"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3917"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "coreos-installer",
"version": {
"version_data": [
{
"version_value": "Fixed in coreos-installer 0.10.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 - Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coreos/fedora-coreos-tracker/issues/889",
"refsource": "MISC",
"url": "https://github.com/coreos/fedora-coreos-tracker/issues/889"
},
{
"name": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c",
"refsource": "MISC",
"url": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2021-3917",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2021-3917"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3917",
"datePublished": "2022-08-23T19:03:22",
"dateReserved": "2021-11-01T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20319 (GCVE-0-2021-20319)
Vulnerability from nvd – Published: 2022-03-04 17:05 – Updated: 2024-08-03 17:37
VLAI?
Summary
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed.
Severity ?
No CVSS data available.
CWE
- CWE-347 - - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | coreos-installer |
Affected:
Affects coreos-installer before v0.10.1, Fixed in v0.10.1.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coreos/coreos-installer/security/advisories/GHSA-3r3g-g73x-g593"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coreos/coreos-installer/pull/659/commits/ad243c6f0eff2835b2da56ca5f7f33af76253c89"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "coreos-installer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects coreos-installer before v0.10.1, Fixed in v0.10.1."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 - Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-04T17:05:50",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreos/coreos-installer/security/advisories/GHSA-3r3g-g73x-g593"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreos/coreos-installer/pull/659/commits/ad243c6f0eff2835b2da56ca5f7f33af76253c89"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "coreos-installer",
"version": {
"version_data": [
{
"version_value": "Affects coreos-installer before v0.10.1, Fixed in v0.10.1."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 - Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2011862",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011862"
},
{
"name": "https://github.com/coreos/coreos-installer/security/advisories/GHSA-3r3g-g73x-g593",
"refsource": "MISC",
"url": "https://github.com/coreos/coreos-installer/security/advisories/GHSA-3r3g-g73x-g593"
},
{
"name": "https://github.com/coreos/coreos-installer/pull/659/commits/ad243c6f0eff2835b2da56ca5f7f33af76253c89",
"refsource": "MISC",
"url": "https://github.com/coreos/coreos-installer/pull/659/commits/ad243c6f0eff2835b2da56ca5f7f33af76253c89"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20319",
"datePublished": "2022-03-04T17:05:50",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3917 (GCVE-0-2021-3917)
Vulnerability from cvelistv5 – Published: 2022-08-23 19:03 – Updated: 2024-08-03 17:09
VLAI?
Summary
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
Severity ?
No CVSS data available.
CWE
- CWE-276 - - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | coreos-installer |
Affected:
Fixed in coreos-installer 0.10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coreos/fedora-coreos-tracker/issues/889"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "coreos-installer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in coreos-installer 0.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 - Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T19:03:22",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreos/fedora-coreos-tracker/issues/889"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3917"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "coreos-installer",
"version": {
"version_data": [
{
"version_value": "Fixed in coreos-installer 0.10.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 - Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coreos/fedora-coreos-tracker/issues/889",
"refsource": "MISC",
"url": "https://github.com/coreos/fedora-coreos-tracker/issues/889"
},
{
"name": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c",
"refsource": "MISC",
"url": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2021-3917",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2021-3917"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3917",
"datePublished": "2022-08-23T19:03:22",
"dateReserved": "2021-11-01T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20319 (GCVE-0-2021-20319)
Vulnerability from cvelistv5 – Published: 2022-03-04 17:05 – Updated: 2024-08-03 17:37
VLAI?
Summary
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed.
Severity ?
No CVSS data available.
CWE
- CWE-347 - - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | coreos-installer |
Affected:
Affects coreos-installer before v0.10.1, Fixed in v0.10.1.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coreos/coreos-installer/security/advisories/GHSA-3r3g-g73x-g593"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coreos/coreos-installer/pull/659/commits/ad243c6f0eff2835b2da56ca5f7f33af76253c89"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "coreos-installer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects coreos-installer before v0.10.1, Fixed in v0.10.1."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 - Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-04T17:05:50",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreos/coreos-installer/security/advisories/GHSA-3r3g-g73x-g593"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coreos/coreos-installer/pull/659/commits/ad243c6f0eff2835b2da56ca5f7f33af76253c89"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "coreos-installer",
"version": {
"version_data": [
{
"version_value": "Affects coreos-installer before v0.10.1, Fixed in v0.10.1."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 - Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2011862",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011862"
},
{
"name": "https://github.com/coreos/coreos-installer/security/advisories/GHSA-3r3g-g73x-g593",
"refsource": "MISC",
"url": "https://github.com/coreos/coreos-installer/security/advisories/GHSA-3r3g-g73x-g593"
},
{
"name": "https://github.com/coreos/coreos-installer/pull/659/commits/ad243c6f0eff2835b2da56ca5f7f33af76253c89",
"refsource": "MISC",
"url": "https://github.com/coreos/coreos-installer/pull/659/commits/ad243c6f0eff2835b2da56ca5f7f33af76253c89"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20319",
"datePublished": "2022-03-04T17:05:50",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}