Ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. We don't recommend putting secrets in the Ignition config, but presumably some users do it anyway.
  References:
  https://github.com/coreos/ignition/issues/1300
  https://github.com/coreos/ignition/pull/1350
Created ignition tracking bugs for this issue:
  Affects: epel-7 [bug 2082423]
  Affects: fedora-all [bug 2082422]
CVE-2022-1706 assigned.
This issue has been addressed in the following products:
  Red Hat OpenShift Container Platform 4.11
  Ironic content for Red Hat OpenShift Container Platform 4.11
  Via RHSA-2022:5068 https://access.redhat.com/errata/RHSA-2022:5068
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
  Via RHSA-2022:8126 https://access.redhat.com/errata/RHSA-2022:8126
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-1706