DescriptionA flaw was found in the baremetal-operator, where the ironic and ironic-inspector deployed within the baremetal operator using the included deploy.sh store `.htpasswd` files as ConfigMaps instead of Secrets. This issue causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management cluster or access to the management cluster's etcd storage.A flaw was found in the baremetal-operator, where the ironic and ironic-inspector deployed within the baremetal operator using the included deploy.sh store .htpasswd files as ConfigMaps instead of Secrets. This issue causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management cluster or access to the management cluster's etcd storage.
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.