Un authenticated registry access vulnerability in image library
CVE-2024-3727
8.3HIGH
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Advanced Cluster Security 4.4
- Red Hat Advanced Cluster Security 4.5
- Red Hat Enterprise Linux 8
- Red Hat Openshift Container Platform 4.14
- Vendor
- CVE Published:
- 14 May 2024
Summary
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Affected Version(s)
Red Hat Advanced Cluster Security 4.4 <= 4.4.5-2
Red Hat Advanced Cluster Security 4.4 <= 4.4.5-2
Red Hat Advanced Cluster Security 4.4 <= 4.4.5-2
CVSS V3.1
Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published.
Risk change from: null to: 8.3 - (HIGH)
Vulnerability Reserved.
Reported to Red Hat.
Collectors
NVD DatabaseMitre Database