coreos-installer

crates.io2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting coreos-installerpage 1 of 1

CVE-2021-20319HIGHCVSS 7.8EG 7.8✓ Fixed in 0.10.1
2022-03-04
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. …
CVE-2021-3917MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.10.0
2022-08-23
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest thr…

Check whether coreos-installer is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for coreos-installer CVEs against the assets you own.

Start Free Scan →