Vulnerability Information
Vulnerability Title
Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps
Vulnerability Description
Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This makes the plain-text username and hashed password readable by anyone with cluster-wide read access to the management cluster, or with access to the management cluster's etcd storage. This issue is patched in baremetal-operator PR#1241, and the fix is included in BMO release 0.3.0 onwards. As a workaround, users may modify the kustomizations and redeploy the BMO, or recreate the required ConfigMaps as Secrets per the instructions in baremetal-operator PR#1241.
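A defender-side check for the exposure described above, added here as an example (it is not code from the Baremetal Operator project): it scans the JSON output of `kubectl get configmaps --all-namespaces -o json` for values formatted as htpasswd entries. The namespace, ConfigMap names, key and hash in the sample are constructed.

```python
import json
import re
import sys

# An htpasswd line is "user:hash"; the hash starts with a scheme marker:
# bcrypt ($2y$), Apache MD5 ($apr1$), SHA-1 ({SHA}) or crypt SHA-256/512.
HTPASSWD_LINE = re.compile(
    r"^([^:\s]+):(?:\$2[aby]\$|\$apr1\$|\{SHA\}|\$[56]\$)\S+$"
)

def find_htpasswd_configmaps(configmap_list):
    """Return (namespace, name, key, user) for each ConfigMap value line
    that parses as an htpasswd entry. The hash itself is never returned."""
    findings = []
    for item in configmap_list.get("items", []):
        if item.get("kind", "ConfigMap") != "ConfigMap":
            continue
        meta = item.get("metadata", {})
        for key, value in (item.get("data") or {}).items():
            for line in value.splitlines():
                match = HTPASSWD_LINE.match(line.strip())
                if match:
                    findings.append((meta.get("namespace"), meta.get("name"),
                                     key, match.group(1)))
    return findings

# Constructed sample in the shape kubectl emits; all values are made up.
SAMPLE = {
    "kind": "List",
    "items": [
        {"kind": "ConfigMap",
         "metadata": {"namespace": "example-system", "name": "example-htpasswd"},
         "data": {"htpasswd": "admin:$2y$05$CONSTRUCTEDexampleHASHvalue000000000000\n"}},
        {"kind": "ConfigMap",
         "metadata": {"namespace": "example-system", "name": "example-settings"},
         "data": {"endpoint": "http://localhost:6385", "debug": "true"}},
    ],
}

if __name__ == "__main__":
    # Pass a file holding the kubectl JSON output, or run with no argument
    # to scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            data = json.load(handle)
    else:
        data = SAMPLE
    for namespace, name, key, user in find_htpasswd_configmaps(data):
        print(f"ConfigMap {namespace}/{name} key '{key}' holds an htpasswd entry for '{user}'")
```

Any ConfigMap it reports is a candidate for being recreated as a Secret, as the workaround describes.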
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
Bare Metal Operator Information Disclosure Vulnerability
Vulnerability Description
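Bare Metal Operator is an open-source application from Metal³ that uses the Kubernetes API to manage bare metal hosts. Versions of Bare Metal Operator prior to 0.3.0 contain an information disclosure vulnerability, which stems from the exposure of the plain-text username and hashed password.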
CVSS Information
N/A
Vulnerability Type
N/A