CVE-2022-1706

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-1706

Severity

6.5

Medium

CVSS V3

Description

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.

References

https://images.chainguard.dev/security/CGA-46wx-h8gm-9f9h
https://github.com/advisories/GHSA-hj57-j5cw-2mwp
https://images.chainguard.dev/security/CGA-7m8f-r48r-8g56
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LY7LKGMQMXV6DGD263YQHNSLOJJ5VLV5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NP765L7TJI7CD4XVOHUWZVRYRH3FYBOR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5QQXRGQKTN4YX2ZF3GQNEBDEOKJGCN3/
https://bugzilla.redhat.com/show_bug.cgi?id=2082274
https://github.com/coreos/ignition/commit/4b70b44b430ecf8377a276e89b5acd3a6957d4ea
https://github.com/coreos/ignition/issues/1300
https://github.com/coreos/ignition/issues/1315
https://github.com/coreos/ignition/pull/1350

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2022-1706

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company