What the vulnerability does

01Description

A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.

Key dates

02Disclosure timeline

August 23, 2022 CVE published
August 3, 2024 Record updated