Coreos Installer
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:coreos-installer:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Coreos Installer (cb7545fd-b89b-507d-a972-44cdb9531b01) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-3917 |
vulnerable | 2026-06-08 05:33:54.510515 |
Details available
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
Published: 2022-08-23T19:03:22.000Z
Updated: 2024-08-03T17:09:09.604Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20319 |
vulnerable | 2026-06-08 05:29:08.966479 |
Details available
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed.
Published: 2022-03-04T17:05:50.000Z
Updated: 2024-08-03T17:37:23.930Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.