Home > Vulnerability Database > CVE-2021-3684

Mend.io Vulnerability Database

CVE-2021-3684

Good to know:

Date: March 23, 2023

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.

Language: Go

Severity Score

5.5

Related Resources (6)

Url: https://github.com/openshift/assisted-installer

Url: https://github.com/openshift/assisted-installer/commit/f3800cfa3d64ce6dcd6f7b73f0578bb99bfdaf7a

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3684

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1985962

Url: https://github.com/openshift/assisted-installer/commit/2403dad3795406f2c5d923af0894e07bc8b0bdc4

Url: https://www.mend.io/vulnerability-database/CVE-2021-3684

Severity Score

5.5

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Top Fix

Upgrade Version

Upgrade to version github.com/openshift/assisted-installer - v1.0.25.1

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3684

Good to know:

Date: March 23, 2023

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?