Home > Vulnerability Database > CVE-2021-20319

Mend.io Vulnerability Database

CVE-2021-20319

Good to know:

Date: March 4, 2022

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed.

Language: RUST

Severity Score

7.8

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-20319

Url: https://access.redhat.com/security/cve/CVE-2021-20319

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2011862

Url: https://github.com/coreos/coreos-installer/security/advisories/GHSA-3r3g-g73x-g593

Url: https://github.com/coreos/coreos-installer/commit/ad243c6f0eff2835b2da56ca5f7f33af76253c89

Url: https://github.com/coreos/coreos-installer/pull/659/commits/ad243c6f0eff2835b2da56ca5f7f33af76253c89

Url: https://www.mend.io/vulnerability-database/CVE-2021-20319

Severity Score

7.8

Weakness Type (CWE)

Improper Verification of Cryptographic Signature

CWE-347

Top Fix

Upgrade Version

Upgrade to version coreos-installer - 0.10.1

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-20319

Good to know:

Date: March 4, 2022

Language: RUST

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?