CVE-2021-3684

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3684
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3684.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3684
Published
2023-03-24T20:15:08Z
Modified
2025-01-08T10:47:37.618733Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.

References

Affected packages

Git / github.com/openshift/assisted-installer

Affected ranges

Type
GIT
Repo
https://github.com/openshift/assisted-installer
Events

Affected versions

Other

latest_test

v1.*

v1.0.10.1
v1.0.10.2
v1.0.10.3
v1.0.11.1
v1.0.11.2
v1.0.12.1
v1.0.13.1
v1.0.14.1
v1.0.14.2
v1.0.14.3
v1.0.15.1
v1.0.15.2
v1.0.15.3
v1.0.16.1
v1.0.16.2
v1.0.16.3
v1.0.17.1
v1.0.17.2
v1.0.17.3
v1.0.18.1
v1.0.18.2
v1.0.18.3
v1.0.19.1
v1.0.19.2
v1.0.19.3
v1.0.20.1
v1.0.20.2
v1.0.20.3
v1.0.20.4
v1.0.21.1
v1.0.21.2
v1.0.21.3
v1.0.22.1
v1.0.22.2
v1.0.22.3
v1.0.22.4
v1.0.23.1
v1.0.23.2
v1.0.24.1
v1.0.24.2
v1.0.24.3
v1.0.9
v1.0.9.1
v1.0.9.2
v1.0.9.3
v1.0.9.4
v1.0.9.5