Lucene search
HistoryMay 14, 2024 - 3:42 p.m.
CVE-2024-3727
flaw
containers
image library
unauthorized access
resource exhaustion
local path traversal
nvd
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
5.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
13.1%
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Containers",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhmtc/openshift-migration-controller-rhel8",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:rhmt"
]
},
{
"vendor": "Red Hat",
"product": "Multicluster Engine for Kubernetes",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "multicluster-engine/agent-service-rhel8",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:multicluster_engine"
]
},
{
"vendor": "Red Hat",
"product": "Multicluster Engine for Kubernetes",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "multicluster-engine/assisted-installer-agent-rhel8",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:multicluster_engine"
]
},
{
"vendor": "Red Hat",
"product": "Multicluster Engine for Kubernetes",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "multicluster-engine/assisted-installer-reporter-rhel8",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:multicluster_engine"
]
},
{
"vendor": "Red Hat",
"product": "Multicluster Engine for Kubernetes",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "multicluster-engine/assisted-installer-rhel8",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:multicluster_engine"
]
},
{
"vendor": "Red Hat",
"product": "Multicluster Engine for Kubernetes",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "multicluster-engine/hive-rhel8",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:multicluster_engine"
]
},
{
"vendor": "Red Hat",
"product": "OpenShift API for Data Protection",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "oadp/oadp-velero-plugin-rhel8",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1"
]
},
{
"vendor": "Red Hat",
"product": "OpenShift Developer Tools and Services",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "ocp-tools-4/jenkins-agent-base-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:ocp_tools"
]
},
{
"vendor": "Red Hat",
"product": "OpenShift Developer Tools and Services",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "ocp-tools-4/jenkins-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:ocp_tools"
]
},
{
"vendor": "Red Hat",
"product": "OpenShift Serverless",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift-serverless-1/client-kn-rhel8",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:serverless:1"
]
},
{
"vendor": "Red Hat",
"product": "OpenShift Serverless",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift-serverless-clients",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:serverless:1"
]
},
{
"vendor": "Red Hat",
"product": "OpenShift Source-to-Image (S2I) Builder Image",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "source-to-image/source-to-image-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:source_to_image:1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhacm2-tech-preview/submariner-rhel8-operator",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:acm:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 3",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 3",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 3",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-rhel8-operator",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 3",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 3",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 3",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 3",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 3",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-rhel8-operator",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Security 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Ansible Automation Platform 1.2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift-clients",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Ansible Automation Platform 2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift-clients",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "buildah",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "podman",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "skopeo",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-tools:4.0/buildah",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-tools:4.0/conmon",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-tools:4.0/containers-common",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-tools:4.0/podman",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-tools:4.0/skopeo",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-tools:rhel8/buildah",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-tools:rhel8/conmon",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-tools:rhel8/containers-common",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-tools:rhel8/podman",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-tools:rhel8/skopeo",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "osbuild-composer",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "buildah",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "conmon",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "containers-common",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "osbuild-composer",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "podman",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "skopeo",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 3.11",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "atomic-openshift",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:3.11"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 3.11",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "podman",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:3.11"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "buildah",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "conmon",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "containers-common",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "cri-o",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/oc-mirror-plugin-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-agent-installer-api-server-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-agent-installer-csr-approver-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-agent-installer-node-agent-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-agent-installer-orchestrator-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-baremetal-installer-rhel7",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-cli",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-cli-artifacts",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-deployer",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-docker-builder",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-installer",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-installer-altinfra-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-installer-artifacts",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-machine-config-operator",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-olm-operator-controller-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-olm-rukpak-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-openshift-apiserver-rhel7",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-openshift-proxy-pull-test-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-operator-lifecycle-manager",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-operator-registry",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/ose-tools-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift-clients",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "ose-installer-terraform-providers-container",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "ose-openshift-controller-manager-container",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "podman",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "skopeo",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform Assisted Installer",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/assisted-installer-agent-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:assisted_installer:"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform Assisted Installer",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/assisted-installer-reporter-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:assisted_installer:"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform Assisted Installer",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift4/assisted-installer-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:assisted_installer:"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Dev Spaces",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "devspaces/udi-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Openshift sandboxed containers",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift-sandboxed-containers/osc-must-gather-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift_sandboxed_containers:1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Openshift sandboxed containers",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift_sandboxed_containers:1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-apiserver",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-cloner",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-cloner-rhel9",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-controller",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-controller-rhel9",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-importer",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-importer-rhel9",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-operator",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-uploadproxy",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-uploadserver",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.2",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "osp-director-provisioner-container",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Quay 3",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "quay/quay-builder-rhel8",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:quay:3"
]
}
]References
access.redhat.com/security/cve/CVE-2024-3727
bugzilla.redhat.com/show_bug.cgi?id=2274767
lists.fedoraproject.org/archives/list/[email protected]/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/
lists.fedoraproject.org/archives/list/[email protected]/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/
lists.fedoraproject.org/archives/list/[email protected]/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/
lists.fedoraproject.org/archives/list/[email protected]/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/
lists.fedoraproject.org/archives/list/[email protected]/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/
lists.fedoraproject.org/archives/list/[email protected]/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/
lists.fedoraproject.org/archives/list/[email protected]/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
lists.fedoraproject.org/archives/list/[email protected]/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/
lists.fedoraproject.org/archives/list/[email protected]/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/
Social References
More
Related
ubuntucve
ubuntucve
CVE-2024-3727
2024-05-14 00:00:00
openvas
openvas
Fedora: Security Advisory for buildah (FEDORA-2024-c56e6ff1b5)
2024-05-27 00:00:00
Fedora: Security Advisory for apptainer (FEDORA-2024-f4a65623e7)
2024-06-07 00:00:00
nessus
nessus
Fedora 40 : podman (2024-20393c122f)
2024-05-17 00:00:00
Fedora 40 : prometheus-podman-exporter (2024-2f8a62d6d6)
2024-06-11 00:00:00
alpinelinux
alpinelinux
CVE-2024-3727
2024-05-14 15:42:07
fedora
fedora
[SECURITY] Fedora 40 Update: podman-5.0.3-1.fc40
2024-05-17 01:09:09
[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.12.0-1.fc39
2024-06-11 01:59:07
[SECURITY] Fedora 39 Update: buildah-1.35.4-1.fc39
2024-05-19 02:46:24
vulnrichment
vulnrichment
CVE-2024-3727 Containers/image: digest type does not guarantee valid type
2024-05-09 14:57:21
redhatcve
redhatcve
CVE-2024-3727
2024-05-09 14:55:55
wolfi
wolfi
CVE-2024-3727 vulnerabilities
2024-06-25 15:33:25
osv
osv
debiancve
debiancve
CVE-2024-3727
2024-05-14 15:42:07
cvelist
cvelist
CVE-2024-3727 Containers/image: digest type does not guarantee valid type
2024-05-09 14:57:21
veracode
veracode
Improper Digest Validation
2024-05-15 08:41:06
nvd
nvd
CVE-2024-3727
2024-05-14 15:42:07
cbl_mariner
cbl_mariner
CVE-2024-3727 affecting package ig for versions less than 0.29.0-1
2024-06-21 09:32:44
github
github
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
5.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
13.1%
Related for CVE-2024-3727