A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| coreos-installer(crates.io) | 0 | 0.10.0 | N/A |
CVSS Metrics
