CVE-2021-20319 Information
Jun 07, 2022
cve
Description
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data and achieve full access to the node being installed.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://github.com/coreos/coreos-installer/security/advisories/GHSA-3r3g-g73x-g593
https://github.com/coreos/coreos-installer/pull/659/commits/ad243c6f0eff2835b2da56ca5f7f33af76253c89
https://bugzilla.redhat.com/show_bug.cgi?id=2011862
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Base Severity
HIGH