CVE Vulnerability

CVE-2021-3917

A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2018478 Issue Tracking Vendor Advisory
https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c Patch Third Party Advisory
https://github.com/coreos/fedora-coreos-tracker/issues/889 Issue Tracking Patch
https://access.redhat.com/security/cve/CVE-2021-3917 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:redhat:coreos-installer:*:*:*:*:*:*:*:*
Information

Published : 2022-08-23 08:15

Updated : 2022-08-26 07:15

NVD link : CVE-2021-3917

Mitre link : CVE-2021-3917

Products Affected
No products.
CWE
CWE-276

Incorrect Default Permissions