CVE-2021-3684

MEDIUM

OpenShift Assisted Installer < 1.0.25.3 - Authenticated Image Pull Secret Exposure in Installation Logs

Title source: llm

Description

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.

References (3)

Core 3

Core References

Issue Tracking, Patch, Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1985962

Patch

https://github.com/openshift/assisted-installer/commit/2403dad3795406f2c5d923af0894e07bc8b0bdc4

View Patch ZIP pw:eip

Patch

https://github.com/openshift/assisted-installer/commit/f3800cfa3d64ce6dcd6f7b73f0578bb99bfdaf7a

Scores

CVSS v3 5.5

EPSS 0.0025

EPSS Percentile 16.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (3)

openshift/assisted-installer 0 - 1.0.25.1Go

redhat/openshift_assisted_installer < 1.0.25.3

redhat/openshift_container_platform 4.6

Published Mar 24, 2023

Tracked Since Feb 18, 2026