CVE-2024-3727

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3727
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

8.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:0045
https://access.redhat.com/errata/RHSA-2024:3718
https://access.redhat.com/errata/RHSA-2024:4159
https://access.redhat.com/errata/RHSA-2024:4613
https://access.redhat.com/errata/RHSA-2024:4850
https://access.redhat.com/errata/RHSA-2024:4960
https://access.redhat.com/errata/RHSA-2024:5258
https://access.redhat.com/errata/RHSA-2024:5951
https://access.redhat.com/errata/RHSA-2024:6054
https://access.redhat.com/errata/RHSA-2024:6708
https://access.redhat.com/errata/RHSA-2024:6824
https://access.redhat.com/errata/RHSA-2024:7164
https://access.redhat.com/errata/RHSA-2024:7174
https://access.redhat.com/errata/RHSA-2024:7182
https://access.redhat.com/errata/RHSA-2024:7187
https://access.redhat.com/errata/RHSA-2024:7922
https://access.redhat.com/errata/RHSA-2024:7941
https://access.redhat.com/errata/RHSA-2024:8260
https://access.redhat.com/errata/RHSA-2024:8425
https://access.redhat.com/errata/RHSA-2024:9097
https://access.redhat.com/errata/RHSA-2024:9098
https://access.redhat.com/errata/RHSA-2024:9102
https://access.redhat.com/security/cve/CVE-2024-3727
https://bugzilla.redhat.com/show_bug.cgi?id=2274767
Configurations

No configuration.

History

12 Nov 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:9097 -
  • () https://access.redhat.com/errata/RHSA-2024:9098 -
  • () https://access.redhat.com/errata/RHSA-2024:9102 -

31 Oct 2024, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8425 -

24 Oct 2024, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8260 -

17 Oct 2024, 01:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:7941 -

16 Oct 2024, 07:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:7922 -

03 Oct 2024, 13:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:7187 -

02 Oct 2024, 11:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:7174 -
  • () https://access.redhat.com/errata/RHSA-2024:7182 -

01 Oct 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:3718 -

26 Sep 2024, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:7164 -

25 Sep 2024, 01:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:6824 -

16 Sep 2024, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:6708 -

29 Aug 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:6054 -

29 Aug 2024, 19:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/', 'source': 'secalert@redhat.com'}
  • () https://access.redhat.com/errata/RHSA-2024:5951 -

13 Aug 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:5258 -

07 Aug 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4960 -

02 Aug 2024, 16:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4850 -

24 Jul 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4613 -

03 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4159 -

27 Jun 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0045 -

12 Jun 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/ -

11 Jun 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/ -

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/ -

10 Jun 2024, 17:16

Type Values Removed Values Added
Summary
  • (es) Se encontró una falla en la librería github.com/containers/image. Esta falla permite a los atacantes activar accesos inesperados al registro autenticado en nombre de un usuario víctima, lo que provoca agotamiento de recursos, path traversal local y otros ataques.
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/ -

14 May 2024, 15:42

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-14 15:42

Updated : 2024-11-12 15:15

NVD link : CVE-2024-3727

Mitre link : CVE-2024-3727

CVE.ORG link : CVE-2024-3727

JSON object : View

Products Affected

No product.

CWE
CWE-354

Improper Validation of Integrity Check Value


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024