{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T19:05:18.311","vulnerabilities":[{"cve":{"id":"CVE-2022-3675","sourceIdentifier":"patrick@puiterwijk.org","published":"2022-11-03T18:15:14.627","lastModified":"2024-11-21T07:20:00.590","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Fedora CoreOS supports setting a GRUB bootloader password\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\nGRUB command-line, modify kernel command-line arguments, or boot\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\nmisconfiguration which allows booting non-default OSTree deployments\nwithout entering a password.  This allows someone with access to the\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\nany security fixes that have recently been applied to the machine.  A\npassword is still required to modify kernel command-line arguments and\nto access the GRUB command line.\n\n\n\n"},{"lang":"es","value":"Fedora CoreOS admite la configuración de una contraseña del cargador de arranque GRUB usando una configuración de Butane. Cuando esta característica está habilitada, GRUB requiere una contraseña para acceder a la línea de comandos de GRUB, modificar los argumentos de la línea de comandos del kernel o iniciar implementaciones de OSTree no predeterminadas. Las versiones recientes de Fedora CoreOS tienen una configuración incorrecta que permite iniciar implementaciones OSTree no predeterminadas sin ingresar una contraseña. Esto permite que alguien con acceso al menú de GRUB inicie una versión anterior de Fedora CoreOS, revirtiendo cualquier corrección de seguridad que se haya aplicado recientemente a la máquina. Aún se requiere una contraseña para modificar los argumentos de la línea de comandos del kernel y acceder a la línea de comandos de GRUB."}],"metrics":{"cvssMetricV31":[{"source":"patrick@puiterwijk.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":2.6,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"patrick@puiterwijk.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:fedora_coreos:*:*:*:*:*:*:*:*","versionStartIncluding":"36.20220820.3.0","versionEndExcluding":"37.20221031.1.0","matchCriteriaId":"E39CD0D4-960C-48F7-BD25-1362B062C27B"}]}]}],"references":[{"url":"https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/","source":"patrick@puiterwijk.org","tags":["Vendor Advisory"]},{"url":"https://github.com/coreos/fedora-coreos-tracker/issues/1333","source":"patrick@puiterwijk.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/","source":"patrick@puiterwijk.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/coreos/fedora-coreos-tracker/issues/1333","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}