Published: 17/05/2022 Updated: 07/11/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat openshift container platform 4.0
redhat enterprise linux 9.0
redhat ignition
fedoraproject fedora 34
fedoraproject fedora 35
fedoraproject fedora 36

Debian Bug report logs - #1014716 ignition: CVE-2022-1706 Package: src:ignition; Maintainer for src:ignition is Debian Cloud Team <debian-cloud@listsdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Sun, 10 Jul 2022 18:15:01 UTC Severity: important Tags: security, upstream Forwarded to ...

Synopsis Moderate: ignition security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for ignition is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rate ...

Synopsis Moderate: OpenShift Container Platform 4110 packages and security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packag ...

Synopsis Important: OpenShift Container Platform 4110 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Co ...

Synopsis Moderate: OpenShift Container Platform 4110 extras and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Conta ...

CWE-863 https://bugzilla.redhat.com/show_bug.cgi?id=2082274 https://github.com/coreos/ignition/issues/1300 https://github.com/coreos/ignition/commit/4b70b44b430ecf8377a276e89b5acd3a6957d4ea https://github.com/coreos/ignition/pull/1350 https://github.com/coreos/ignition/issues/1315 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NP765L7TJI7CD4XVOHUWZVRYRH3FYBOR/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LY7LKGMQMXV6DGD263YQHNSLOJJ5VLV5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5QQXRGQKTN4YX2ZF3GQNEBDEOKJGCN3/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014716 https://nvd.nist.gov

CVE-2022-1706

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect