CVE-2021-3917

medium

Description

A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.

References

Advisories
More

https://github.com/coreos/fedora-coreos-tracker/issues/889

https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c

https://bugzilla.redhat.com/show_bug.cgi?id=2018478

https://access.redhat.com/security/cve/CVE-2021-3917

Details

Source: Mitre, NVD

Published: 2022-08-23

Updated: 2022-08-26

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.0003