Security
Headlines

Headlines Latest CVEs

Headline

GHSA-g8xm-p2h4-v6jp: OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.

1 year ago

#vulnerability #git #auth

OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs

Moderate severity GitHub Reviewed Published Mar 24, 2023 to the GitHub Advisory Database • Updated Mar 24, 2023

Related news

CVE-2021-3684: MGMT-7450: Removing pull secret token from failure logs (#340) · openshift/assisted-installer@f3800cf

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.

1 year ago

#vulnerability #mac #js #git #auth #rpm

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

2 days ago

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

2 days ago

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

2 days ago

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

2 days ago

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

2 days ago