CVE-2021-3684

CVE-2021-3684

Vendor N/A
Product assisted-installer
Weakness CWE-532 · Sensitive info in logs
Published March 24, 2023
Last update February 25, 2025

CVSS base score

What the vulnerability does

01Description

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.

Key dates

02Disclosure timeline

March 24, 2023 CVE published
February 25, 2025 Record updated