CVE-2021-3684
OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs
5.5
MEDIUM
CVSS 3.1
EPSS 0.06%
Description
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.
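How to fix CVE-2021-3684
To fix CVE-2021-3684, upgrade the affected package to the patched version listed below.
- Upgrade to 1.0.25.1 or later
Is CVE-2021-3684 being exploited?
Low: EPSS is 0.1%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)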
- from 0, < 1.0.25.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |