CVE-2023-30841 : Baremetal Operator (BMO) is a bare metal host provisioning integration for Kuber

Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management cluster, or access to the management cluster's Etcd storage. This issue is patched in baremetal-operator PR#1241, and is included in BMO release 0.3.0 onwards. As a workaround, users may modify the kustomizations and redeploy the BMO, or recreate the required ConfigMaps as Secrets per instructions in baremetal-operator PR#1241.

Published 2023-04-26 19:15:09

Updated 2023-05-09 15:20:03

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2023-30841

Linuxfoundation » Baremetal Operator
Versions before (<) 0.3.0
cpe:2.3:a:linuxfoundation:baremetal_operator:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-30841

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 1 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-30841

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N	1.5	4.0	GitHub, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2023-30841

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: security-advisories@github.com (Secondary)
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-30841

https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-9wh7-397j-722m

Ironic and ironic-inspector may expose htpasswd files as ConfigMaps · Advisory · metal3-io/baremetal-operator · GitHub
Vendor Advisory
https://github.com/metal3-io/baremetal-operator/pull/1241

⚠️ Store htpasswd files in Secrets instead of ConfigMaps by lentzi90 · Pull Request #1241 · metal3-io/baremetal-operator · GitHub
Exploit;Issue Tracking;Patch

Jump to

Vulnerability Details : CVE-2023-30841

Products affected by CVE-2023-30841

Exploit prediction scoring system (EPSS) score for CVE-2023-30841

CVSS scores for CVE-2023-30841

CWE ids for CVE-2023-30841

References for CVE-2023-30841