You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Duplicate advisory: Configuration exposure in github.com/coreos/ignition
Moderate severity
GitHub Reviewed
Published
May 18, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Withdrawn
This advisory was withdrawn on Jun 8, 2022
This advisory is a duplicate of GHSA-hj57-j5cw-2mwp. This link is preserved to maintain external references.
Original Description
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.
Duplicate Advisory
This advisory is a duplicate of GHSA-hj57-j5cw-2mwp. This link is preserved to maintain external references.
Original Description
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.
References