Vulnerability Description
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Assisted Installer | < 1.0.25.3 |
| Redhat | Openshift Container Platform | 4.6 |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1985962Issue TrackingPatchVendor Advisory
- https://github.com/openshift/assisted-installer/commit/2403dad3795406f2c5d923af0Patch
- https://github.com/openshift/assisted-installer/commit/f3800cfa3d64ce6dcd6f7b73fPatch
- https://bugzilla.redhat.com/show_bug.cgi?id=1985962Issue TrackingPatchVendor Advisory
- https://github.com/openshift/assisted-installer/commit/2403dad3795406f2c5d923af0Patch
- https://github.com/openshift/assisted-installer/commit/f3800cfa3d64ce6dcd6f7b73fPatch
FAQ
What is CVE-2021-3684?
CVE-2021-3684 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exp...
How severe is CVE-2021-3684?
CVE-2021-3684 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3684?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Assisted Installer, Redhat Openshift Container Platform, Redhat Enterprise Linux.