25 matches found
CVE-2026-10517
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...
CVE-2026-10517
The CVE describes a flaw in Clair’s fetcher where it makes outbound HTTP requests to attacker-supplied URIs taken from manifest layer descriptors without filtering IPs or schemes. If PSK authentication is not configured, an unauthenticated attacker can submit a manifest pointing to internal servi...
CVE-2026-10517 Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...
CVE-2026-10517 Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...
EUVD-2026-33599
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...
CVE-2026-10517
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...
CVE-2026-10517
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...
Clair code issue vulnerabilities
Clair is a project open source by QUAY. It is used for static analysis of vulnerabilities in application containers currently including OCI and Docker. Clair has code-related vulnerabilities. These vulnerabilities arise from the fetcher component, which allows unauthenticated attackers to perform...
PT-2026-45353
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...
clair-4.9.0-1.1 on GA media (moderate)
clair-4.9.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15823-1 Rating: moderate Cross-References: CVE-2025-47907 CVSS scores: CVE-2025-47907 SUSE : 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2025-47907 SUSE : 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N...
OPENSUSE-SU-2025:15823-1 clair-4.9.0-1.1 on GA media
These are all security issues fixed in the clair-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2022-1483
Malicious code in bioql PyPI...
drclair.com Cross Site Scripting vulnerability OBB-3897978
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
clair-ah.com Improper Access Control vulnerability OBB-3795748
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-3762
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution...
Directory traversal
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution...
CVE-2021-3762
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution...
CVE-2021-3762
CVE-2021-3762 affects Clair’s ClairCore engine (directory traversal in Clair/ ClairCore) that allows arbitrary file writes when scanning a crafted container image, potentially enabling remote code execution. Several connected sources corroborate a path-traversal vulnerability within the ClairCore...
PT-2022-10660 · Clair · Clair
Name of the Vulnerable Software and Affected Versions: Clair versions affected versions not specified Description: A directory traversal issue in the ClairCore engine allows an attacker to exploit the system by providing a crafted container image. When scanned by Clair, this can lead to arbitrary...
Clair 路径遍历漏洞
Clair is an open source project. It is used to statically analyze vulnerabilities in application containers currently including Oci and Docker. Clair suffers from a path traversal vulnerability that stems from a directory traversal vulnerability found in Clair's ClairCore engine. An attacker can...