CVE-2024-3727

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3727
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

8.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:0045
https://access.redhat.com/errata/RHSA-2024:4159
https://access.redhat.com/errata/RHSA-2024:4613
https://access.redhat.com/errata/RHSA-2024:4850
https://access.redhat.com/errata/RHSA-2024:4960
https://access.redhat.com/errata/RHSA-2024:5258
https://access.redhat.com/errata/RHSA-2024:5951
https://access.redhat.com/errata/RHSA-2024:6054
https://access.redhat.com/errata/RHSA-2024:6708
https://access.redhat.com/security/cve/CVE-2024-3727
https://bugzilla.redhat.com/show_bug.cgi?id=2274767
Configurations

No configuration.

History

16 Sep 2024, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:6708 -

29 Aug 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:6054 -

29 Aug 2024, 19:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/', 'source': 'secalert@redhat.com'}
  • () https://access.redhat.com/errata/RHSA-2024:5951 -

13 Aug 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:5258 -

07 Aug 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4960 -

02 Aug 2024, 16:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4850 -

24 Jul 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4613 -

03 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4159 -

27 Jun 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0045 -

12 Jun 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/ -

11 Jun 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/ -

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/ -

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/ -
Summary
  • (es) Se encontró una falla en la librería github.com/containers/image. Esta falla permite a los atacantes activar accesos inesperados al registro autenticado en nombre de un usuario víctima, lo que provoca agotamiento de recursos, path traversal local y otros ataques.

14 May 2024, 15:42

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-14 15:42

Updated : 2024-09-16 22:15

NVD link : CVE-2024-3727

Mitre link : CVE-2024-3727

CVE.ORG link : CVE-2024-3727

JSON object : View

Products Affected

No product.

CWE
CWE-354

Improper Validation of Integrity Check Value