CVE-2021-3684

OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs in go/github.com/openshift/assisted-installer

Identifiers

GHSA-g8xm-p2h4-v6jp, CVE-2021-3684

Package Slug

go/github.com/openshift/assisted-installer

Vulnerability

OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs

Description

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.
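Retained installation logs can be checked for this leak and scrubbed before they are shared. The Go code below is an added example, not the project's fix or code: it assumes the pull secret uses the standard registry credential JSON layout (`auths` / `auth`) and that log lines resemble the constructed sample; `RedactPullSecret`, `LeakedLines` and `sampleLog` are hypothetical names.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// authField matches the "auth" member of a registry pull secret, both as
// plain JSON and as JSON escaped inside a quoted log message (\"auth\":\"..\").
// It deliberately does not match the enclosing "auths" key.
var authField = regexp.MustCompile(`(\\?"auth\\?"\s*:\s*\\?")[^"\\]+(\\?")`)

// RedactPullSecret replaces every registry credential value in the input,
// keeping the surrounding JSON intact so the log stays readable.
func RedactPullSecret(line string) string {
	return authField.ReplaceAllString(line, "${1}<redacted>${2}")
}

// LeakedLines returns the 1-based numbers of log lines carrying a credential.
func LeakedLines(log string) []int {
	var hits []int
	sc := bufio.NewScanner(strings.NewReader(log))
	for n := 1; sc.Scan(); n++ {
		if authField.MatchString(sc.Text()) {
			hits = append(hits, n)
		}
	}
	return hits
}

// Constructed sample log (assumed format); the credential is base64 of "user:pass".
const sampleLog = `time="2021-06-01T10:00:00Z" level=info msg="Generating discovery ISO"
time="2021-06-01T10:00:01Z" level=info msg="ignition: {\"auths\":{\"registry.example.com\":{\"auth\":\"dXNlcjpwYXNz\"}}}"
time="2021-06-01T10:00:02Z" level=info msg="ISO ready"`

func main() {
	fmt.Println("lines with leaked pull secret:", LeakedLines(sampleLog))
	fmt.Println(RedactPullSecret(sampleLog))
}
```

A pull secret found in logs written by an affected version should be rotated, since redacting the log does not revoke the credential.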

Affected Versions

All versions before 1.0.25.1

Solution

Upgrade to version 1.0.25.1 or above.

Last Modified

2023-03-27
