CVE-2021-3684
First published: Mon Jul 26 2021(Updated: )
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/openshift/assisted-installer | <1.0.25.1 | 1.0.25.1 |
| redhat/openshift/assisted-installer | <2.0.0 | 2.0.0 |
| Redhat Openshift Assisted Installer | <1.0.25.3 | |
| Redhat Openshift Container Platform | =4.6 | |
| Redhat Enterprise Linux | =8.0 |
Remedy
https://github.com/openshift/assisted-installer/commit/2403dad3795406f2c5d923af0894e07bc8b0bdc4
Remedy
https://github.com/openshift/assisted-installer/commit/f3800cfa3d64ce6dcd6f7b73f0578bb99bfdaf7a
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://issues.redhat.com/browse/MGMT-7450
- https://issues.redhat.com/browse/MGMT-7452
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1991803
- https://github.com/openshift/assisted-installer/commit/f3800cfa3d64ce6dcd6f7b73f0578bb99bfdaf7a
- https://github.com/openshift/assisted-installer/commit/2403dad3795406f2c5d923af0894e07bc8b0bdc4
- https://access.redhat.com/errata/RHEA-2021:3455
- https://bugzilla.redhat.com/show_bug.cgi?id=1985962
Frequently Asked Questions
What is CVE-2021-3684?
CVE-2021-3684 is a vulnerability found in OpenShift Assisted Installer that leaks image pull secrets as plaintext in installation logs.
How does CVE-2021-3684 affect OpenShift Assisted Installer?
CVE-2021-3684 affects OpenShift Assisted Installer by exposing image pull secrets in plaintext, which can be exploited by authenticated users to pull container images from the registry.
What is the severity of CVE-2021-3684?
The severity of CVE-2021-3684 is medium with a severity value of 5.5.
How can I fix CVE-2021-3684?
To fix CVE-2021-3684, update OpenShift Assisted Installer to version 1.0.25.1 or higher.
Where can I find more information about CVE-2021-3684?
More information about CVE-2021-3684 can be found in the references: [Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1985962), [GitHub Commit 1](https://github.com/openshift/assisted-installer/commit/2403dad3795406f2c5d923af0894e07bc8b0bdc4), [GitHub Commit 2](https://github.com/openshift/assisted-installer/commit/f3800cfa3d64ce6dcd6f7b73f0578bb99bfdaf7a).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3684
- agent/software-canonical-lookup
- agent/tags
- agent/event
- vendor/redhat
- canonical/redhat openshift assisted installer
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.6
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- package-manager/redhat