CVE-2022-1706 - AskarLabs CVE Database

CVE-2022-1706

Vendor N/A

Product coreos/ignition

Weakness CWE-863 · Incorrect authorization

Published May 17, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.

Key dates

02Disclosure timeline

May 17, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1706 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2026-33132 ZITADEL is missing enforcement of organization scopes CVE-2024-32470 Tolgee' API keys created by server admin users bypass the permission check CVE-2026-26304 Permission Bypass in Playbook Run Creation CVE-2021-3658 CVE-2026-2386 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type'