CVE-2021-3684

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3684
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3684.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3684
Published
2023-03-24T20:15:08Z
Modified
2024-09-03T03:54:14.721076Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.

References

Affected packages

Git / github.com/openshift/assisted-installer

Affected ranges

Type
GIT
Repo
https://github.com/openshift/assisted-installer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

latest_test

v1.*

v1.0.10.1
v1.0.10.2
v1.0.10.3
v1.0.11.1
v1.0.11.2
v1.0.12.1
v1.0.13.1
v1.0.14.1
v1.0.14.2
v1.0.14.3
v1.0.15.1
v1.0.15.2
v1.0.15.3
v1.0.16.1
v1.0.16.2
v1.0.16.3
v1.0.17.1
v1.0.17.2
v1.0.17.3
v1.0.18.1
v1.0.18.2
v1.0.18.3
v1.0.19.1
v1.0.19.2
v1.0.19.3
v1.0.20.1
v1.0.20.2
v1.0.20.3
v1.0.20.4
v1.0.21.1
v1.0.21.2
v1.0.21.3
v1.0.22.1
v1.0.22.2
v1.0.22.3
v1.0.22.4
v1.0.23.1
v1.0.23.2
v1.0.24.1
v1.0.24.2
v1.0.24.3
v1.0.9
v1.0.9.1
v1.0.9.2
v1.0.9.3
v1.0.9.4
v1.0.9.5