5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
On systems installed with coreos-installer before 0.10.0, the user-provided Ignition config was written to /boot/ignition/config.ign
with world-readable permissions, granting unprivileged users access to any secrets included in the config.
Default configurations of Fedora CoreOS and RHEL CoreOS do not include any unprivileged user accounts. In addition, instances launched from a cloud image, and systems provisioned with the ignition.config.url
kernel argument, do not use the config.ign
file and are unaffected.
coreos-installer 0.10.0 and later writes the Ignition config with restricted permissions.
On Fedora CoreOS systems installed from version 34.20210711.3.0 (stable), 34.20210711.2.0 (testing), 34.20210711.1.1 (next) and later, the /boot/ignition
directory and its contents are removed after provisioning is complete. All Fedora CoreOS systems that have updated to these versions or later have automatically removed the /boot/ignition
directory and no action is required.
On other systems, /boot/ignition/config.ign
can be removed manually, as it is not used after provisioning is complete:
sudo mount -o remount,rw /boot
sudo rm -rf /boot/ignition
For more information, see https://github.com/coreos/fedora-coreos-tracker/issues/889.
If you have any questions or comments about this advisory, open an issue in coreos-installer or email the CoreOS development mailing list.
CPE | Name | Operator | Version |
---|---|---|---|
coreos-installer | lt | 0.10.0 |
access.redhat.com/security/cve/CVE-2021-3917
bugzilla.redhat.com/show_bug.cgi?id=2018478
github.com/advisories/GHSA-862g-9h5m-m3qv
github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c
github.com/coreos/coreos-installer/releases/tag/v0.10.0
github.com/coreos/coreos-installer/security/advisories/GHSA-862g-9h5m-m3qv
github.com/coreos/fedora-coreos-tracker/issues/889
nvd.nist.gov/vuln/detail/CVE-2021-3917