CVE-2021-3684
MEDIUM 5.5
Description
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.
CVE Details
CVSS v3.1 Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: LOCAL
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 3/24/2023
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
redhat:enterprise_linux
redhat:openshift_assisted_installer
redhat:openshift_container_platform
Weaknesses (CWE)
CWE-532
References
https://bugzilla.redhat.com/show_bug.cgi?id=1985962 (secalert@redhat.com)
https://github.com/openshift/assisted-installer/commit/2403dad3795406f2c5d923af0894e07bc8b0bdc4 (secalert@redhat.com)
https://github.com/openshift/assisted-installer/commit/f3800cfa3d64ce6dcd6f7b73f0578bb99bfdaf7a (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1985962 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/openshift/assisted-installer/commit/2403dad3795406f2c5d923af0894e07bc8b0bdc4 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/openshift/assisted-installer/commit/f3800cfa3d64ce6dcd6f7b73f0578bb99bfdaf7a (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.