5.5
CVE-2021-3917
- EPSS 0.22%
- Veröffentlicht 23.08.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 06:22:46
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Coreos-installer Version < 0.10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.128 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
https://access.redhat.com/security/cve/CVE-2021-3917
https://bugzilla.redhat.com/show_bug.cgi?id=2018478
https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c
https://github.com/coreos/fedora-coreos-tracker/issues/889