[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-3917":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":131,"aliases":132,"duplicate_of":9,"upstream":134,"downstream":135,"duplicates":140,"related":141,"reserved_at":9,"published_at":142,"modified_at":143,"state":144,"summary":145,"references_raw":154,"kevs":196,"epss":197,"epss_history":200,"metrics":460,"affected":468},"CVE-2021-3917","A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-276","Incorrect Default Permissions","During installation, installed file permissions are set to allow anyone to modify those files.","weakness","Draft","Base","Medium",[20,68,127],{"id":21,"name":22,"techniques":23},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[24],{"id":25,"name":26,"tactics":27,"countermeasures":43},"T1574.010","Services File Permissions Weakness",[28,31,34,37,40],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",{"id":35,"name":36},"TA0030","Defense Evasion",{"id":38,"name":39},"TA0005","Stealth",{"id":41,"name":42},"TA0104","Execution",[44,49,53,58,63],{"id":45,"name":46,"tactic":47},"D3-SWI","Software Inventory",{"name":48},"Model",{"id":50,"name":51,"tactic":52},"D3-AVE","Asset Vulnerability Enumeration",{"name":48},{"id":54,"name":55,"tactic":56},"D3-SBV","Service Binary Verification",{"name":57},"Detect",{"id":59,"name":60,"tactic":61},"D3-SU","Software Update",{"name":62},"Harden",{"id":64,"name":65,"tactic":66},"D3-RS","Restore Software",{"name":67},"Restore",{"id":69,"name":70,"techniques":71},"CAPEC-127","Directory Indexing",[72],{"id":73,"name":74,"tactics":75,"countermeasures":79},"T1083","File and Directory Discovery",[76],{"id":77,"name":78},"TA0102","Discovery",[80,84,88,93,98,102,106,111,115,119,123],{"id":81,"name":82,"tactic":83},"D3-FA","File Analysis",{"name":57},{"id":85,"name":86,"tactic":87},"D3-FIM","File Integrity Monitoring",{"name":57},{"id":89,"name":90,"tactic":91},"D3-FEV","File Eviction",{"name":92},"Evict",{"id":94,"name":95,"tactic":96},"D3-DF","Decoy File",{"name":97},"Deceive",{"id":99,"name":100,"tactic":101},"D3-FE","File Encryption",{"name":62},{"id":103,"name":104,"tactic":105},"D3-RF","Restore File",{"name":67},{"id":107,"name":108,"tactic":109},"D3-LFP","Local File Permissions",{"name":110},"Isolate",{"id":112,"name":113,"tactic":114},"D3-CF","Content Filtering",{"name":110},{"id":116,"name":117,"tactic":118},"D3-RFAM","Remote File Access Mediation",{"name":110},{"id":120,"name":121,"tactic":122},"D3-CQ","Content Quarantine",{"name":110},{"id":124,"name":125,"tactic":126},"D3-CM","Content Modification",{"name":110},{"id":128,"name":129,"techniques":130},"CAPEC-81","Web Server Logs Tampering",[],[],[133],"GHSA-862g-9h5m-m3qv",[],[136,138],{"_key":137},"RHSA-2021:4829",{"_key":139},"RHSA-2021:3758",[],[],"2022-08-23T19:03:22.000Z","2024-08-03T17:09:09.604Z","Modified",{"cisa_kev":146,"cisa_ransomware":146,"cisa_vendor":9,"epss_severity":147,"epss_score":148,"severity":149,"severity_score":150,"severity_version":151,"severity_source":152,"severity_vector":153,"severity_status":144},false,"low",0.00106,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",[155,166,170,175,179,183,188,192],{"url":156,"sources":157,"tags":160},"https://github.com/coreos/fedora-coreos-tracker/issues/889",[158,152,159],"cve.org","osv_crates.io",[161,162,163,164,165],"X Refsource MISC","Issue Tracking","Patch","Third Party Advisory","WEB",{"url":167,"sources":168,"tags":169},"https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c",[158,152,159],[161,163,164,165],{"url":171,"sources":172,"tags":173},"https://bugzilla.redhat.com/show_bug.cgi?id=2018478",[158,152,159],[161,162,174,165],"Vendor Advisory",{"url":176,"sources":177,"tags":178},"https://access.redhat.com/security/cve/CVE-2021-3917",[158,152,159],[161,163,174,165],{"url":180,"sources":181,"tags":182},"https://github.com/coreos/coreos-installer/security/advisories/GHSA-862g-9h5m-m3qv",[159],[165],{"url":184,"sources":185,"tags":186},"https://nvd.nist.gov/vuln/detail/CVE-2021-3917",[159],[187],"Advisory",{"url":189,"sources":190,"tags":191},"https://github.com/coreos/coreos-installer",[159],[165],{"url":193,"sources":194,"tags":195},"https://github.com/coreos/coreos-installer/releases/tag/v0.10.0",[159],[165],[],{"date":198,"score":148,"percentile":199},"2026-06-04",0.28264,[201,204,207,210,213,216,219,222,225,228,231,233,236,238,241,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,314,317,319,322,325,328,331,334,337,340,343,346,349,352,355,358,361,364,366,369,372,375,378,381,384,386,389,392,395,398,401,403,406,408,410,412,414,417,419,422,425,428,431,433,436,439,442,445,448,451,454,457],{"date":202,"score":148,"percentile":203},"2025-11-04",0.29381,{"date":205,"score":148,"percentile":206},"2025-11-05",0.2935,{"date":208,"score":148,"percentile":209},"2025-11-06",0.29371,{"date":211,"score":148,"percentile":212},"2025-11-07",0.29364,{"date":214,"score":148,"percentile":215},"2025-11-08",0.29369,{"date":217,"score":148,"percentile":218},"2025-11-09",0.29346,{"date":220,"score":148,"percentile":221},"2025-11-10",0.29327,{"date":223,"score":148,"percentile":224},"2025-11-11",0.29349,{"date":226,"score":148,"percentile":227},"2025-11-12",0.29392,{"date":229,"score":148,"percentile":230},"2025-11-13",0.29404,{"date":232,"score":148,"percentile":230},"2025-11-14",{"date":234,"score":148,"percentile":235},"2025-11-15",0.29396,{"date":237,"score":148,"percentile":212},"2025-11-16",{"date":239,"score":148,"percentile":240},"2025-11-17",0.29342,{"date":242,"score":243,"percentile":244},"2025-11-18",0.00049,0.10374,{"date":246,"score":243,"percentile":247},"2025-11-19",0.10393,{"date":249,"score":243,"percentile":250},"2025-11-20",0.10419,{"date":252,"score":148,"percentile":253},"2025-11-21",0.29382,{"date":255,"score":148,"percentile":256},"2025-11-22",0.2939,{"date":258,"score":148,"percentile":259},"2025-11-23",0.29353,{"date":261,"score":148,"percentile":262},"2025-11-24",0.29334,{"date":264,"score":148,"percentile":265},"2025-11-25",0.29325,{"date":267,"score":148,"percentile":268},"2025-11-26",0.29326,{"date":270,"score":148,"percentile":271},"2025-11-27",0.29338,{"date":273,"score":148,"percentile":274},"2025-11-28",0.29315,{"date":276,"score":148,"percentile":277},"2025-11-29",0.29306,{"date":279,"score":148,"percentile":280},"2025-11-30",0.2928,{"date":282,"score":148,"percentile":283},"2025-12-01",0.29343,{"date":285,"score":148,"percentile":286},"2025-12-02",0.2937,{"date":288,"score":148,"percentile":289},"2025-12-03",0.29377,{"date":291,"score":148,"percentile":292},"2025-12-04",0.29294,{"date":294,"score":148,"percentile":295},"2025-12-05",0.29324,{"date":297,"score":148,"percentile":298},"2025-12-06",0.29328,{"date":300,"score":148,"percentile":301},"2025-12-07",0.29301,{"date":303,"score":148,"percentile":304},"2025-12-08",0.29308,{"date":306,"score":148,"percentile":307},"2025-12-09",0.29365,{"date":309,"score":148,"percentile":310},"2025-12-10",0.29431,{"date":312,"score":148,"percentile":313},"2025-12-11",0.29455,{"date":315,"score":148,"percentile":316},"2025-12-12",0.29476,{"date":318,"score":148,"percentile":316},"2025-12-13",{"date":320,"score":148,"percentile":321},"2025-12-14",0.29452,{"date":323,"score":148,"percentile":324},"2025-12-15",0.29422,{"date":326,"score":148,"percentile":327},"2025-12-16",0.29443,{"date":329,"score":148,"percentile":330},"2025-12-17",0.29493,{"date":332,"score":148,"percentile":333},"2025-12-18",0.2954,{"date":335,"score":148,"percentile":336},"2025-12-19",0.29552,{"date":338,"score":148,"percentile":339},"2025-12-20",0.2953,{"date":341,"score":148,"percentile":342},"2025-12-21",0.29482,{"date":344,"score":148,"percentile":345},"2025-12-22",0.2945,{"date":347,"score":148,"percentile":348},"2025-12-23",0.29423,{"date":350,"score":148,"percentile":351},"2025-12-24",0.29432,{"date":353,"score":148,"percentile":354},"2025-12-25",0.29502,{"date":356,"score":148,"percentile":357},"2025-12-26",0.29498,{"date":359,"score":148,"percentile":360},"2025-12-27",0.29497,{"date":362,"score":148,"percentile":363},"2025-12-28",0.29416,{"date":365,"score":148,"percentile":256},"2025-12-29",{"date":367,"score":148,"percentile":368},"2025-12-30",0.29388,{"date":370,"score":148,"percentile":371},"2025-12-31",0.29447,{"date":373,"score":148,"percentile":374},"2026-01-01",0.29566,{"date":376,"score":148,"percentile":377},"2026-01-02",0.29563,{"date":379,"score":148,"percentile":380},"2026-01-03",0.29545,{"date":382,"score":148,"percentile":383},"2026-01-04",0.29426,{"date":385,"score":148,"percentile":348},"2026-01-05",{"date":387,"score":148,"percentile":388},"2026-01-06",0.29434,{"date":390,"score":148,"percentile":391},"2026-01-07",0.29464,{"date":393,"score":148,"percentile":394},"2026-01-08",0.29489,{"date":396,"score":148,"percentile":397},"2026-01-09",0.29477,{"date":399,"score":148,"percentile":400},"2026-01-10",0.29463,{"date":402,"score":148,"percentile":371},"2026-01-11",{"date":404,"score":148,"percentile":405},"2026-01-12",0.29401,{"date":407,"score":148,"percentile":289},"2026-01-13",{"date":409,"score":148,"percentile":383},"2026-01-14",{"date":411,"score":148,"percentile":383},"2026-01-15",{"date":413,"score":148,"percentile":313},"2026-01-16",{"date":415,"score":148,"percentile":416},"2026-01-17",0.29453,{"date":418,"score":148,"percentile":405},"2026-01-18",{"date":420,"score":148,"percentile":421},"2026-01-19",0.29368,{"date":423,"score":148,"percentile":424},"2026-01-20",0.29351,{"date":426,"score":148,"percentile":427},"2026-01-21",0.29297,{"date":429,"score":148,"percentile":430},"2026-01-22",0.29267,{"date":432,"score":148,"percentile":271},"2026-01-23",{"date":434,"score":148,"percentile":435},"2026-01-24",0.29335,{"date":437,"score":148,"percentile":438},"2026-01-25",0.29259,{"date":440,"score":148,"percentile":441},"2026-01-26",0.29173,{"date":443,"score":148,"percentile":444},"2026-01-27",0.29158,{"date":446,"score":148,"percentile":447},"2026-01-28",0.29141,{"date":449,"score":148,"percentile":450},"2026-01-29",0.29102,{"date":452,"score":148,"percentile":453},"2026-01-30",0.29092,{"date":455,"score":148,"percentile":456},"2026-01-31",0.29091,{"date":458,"score":148,"percentile":459},"2026-02-01",0.2916,[461,466],{"source":152,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":462,"cvss_v4_0":9},{"baseScore":150,"baseSeverity":463,"vectorString":153,"impactScore":464,"exploitabilityScore":465},"MEDIUM",6,4.6,{"source":159,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":467,"cvss_v4_0":9},{"baseScore":150,"baseSeverity":9,"vectorString":153,"impactScore":464,"exploitabilityScore":465},[469,480],{"ecosystem":470,"name":471,"vendor":470,"product":471,"cpe_part":9,"purl_type":472,"purl_namespace":9,"purl_name":471,"source":9,"versions":473},"Crates.Io","coreos-installer","cargo",[474],{"version":475,"is_range":476,"range_type":477,"version_start":9,"version_start_type":9,"version_end":478,"version_end_type":479,"fixed_in":9},"lt0_10_0",true,"semver","0.10.0","excluding",{"ecosystem":9,"name":471,"vendor":481,"product":471,"cpe_part":482,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":483},"redhat","a",[484],{"version":485,"is_range":476,"range_type":486,"version_start":9,"version_start_type":9,"version_end":478,"version_end_type":479,"fixed_in":9},"lt0.10.0","cpe"]