CVE-2021-3684
CVSS V2 None
CVSS V3 None
Description
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.
Overview
- CVE ID
- CVE-2021-3684
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-24T20:15:08
- Last Modified Date
- 2023-04-03T17:56:10
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:redhat:openshift_assisted_installer:*:*:*:*:*:*:*:* | 1 | OR | 1.0.25.3 | |
| cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* | 0 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1985962 | Issue Tracking Patch Vendor Advisory |
| https://github.com/openshift/assisted-installer/commit/2403dad3795406f2c5d923af0894e07bc8b0bdc4 | Patch |
| https://github.com/openshift/assisted-installer/commit/f3800cfa3d64ce6dcd6f7b73f0578bb99bfdaf7a | Patch |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-3684 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3684 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 03:19:23 | Added to TrackCVE | |||
| 2023-04-17 03:19:25 | Weakness Enumeration | new |