Lucene search
K

11 matches found

OSV
OSV
added 2026/07/01 9:6 p.m.2 views

GHSA-XF85-363P-868W oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens

Summary oras-go's auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating its scheme or host. The realm field is server-controlled by design in the OCI/distribution spec — registries legitimately point token requests at a separate auth endpoint e....

2.1CVSS5.9AI score
Exploits0References4
OSV
OSV
added 2026/04/06 5:52 p.m.2 views

GHSA-3P65-76G6-3W7R Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

hi guys, commit: 40594bd98e6d6ed993b5c6021c93fdf96d2e5851 as-of 2026-01-31 contact: GitHub Security Advisory https://github.com/distribution/distribution/security/advisories/new summary in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/06 5:52 p.m.15 views

Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

hi guys, commit: 40594bd98e6d6ed993b5c6021c93fdf96d2e5851 as-of 2026-01-31 contact: GitHub Security Advisory https://github.com/distribution/distribution/security/advisories/new summary in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges...

7.5CVSS7.1AI score0.00274EPSS
Exploits1References4Affected Software2
Snyk
Snyk
added 2026/04/06 4:9 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the process that parses WWW-Authenticate challenges from an upstream registry. An attacker can obtain upstream credentials by manipulating the bearer realm URL to redirect authentication requests to a...

8.7CVSS5.9AI score0.00274EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/06 4:9 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the process that parses WWW-Authenticate challenges from an upstream registry. An attacker can obtain upstream credentials by manipulating the bearer realm URL to redirect authentication requests to a...

8.7CVSS5.9AI score0.00274EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/06 4:9 p.m.8 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the process that parses WWW-Authenticate challenges from an upstream registry. An attacker can obtain upstream credentials by manipulating the bearer realm URL to redirect authentication requests to a...

8.7CVSS5.9AI score0.00274EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/06 4:9 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the process that parses WWW-Authenticate challenges from an upstream registry. An attacker can obtain upstream credentials by manipulating the bearer realm URL to redirect authentication requests to a...

8.7CVSS5.9AI score0.00274EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/04/06 3:17 p.m.10 views

CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References2
CVE
CVE
added 2026/04/06 2:55 p.m.34 views

CVE-2026-33540

CVE-2026-33540 affects the Distribution toolkit. In prior releases (before 3.1.0) and in pull-through cache mode, it parses WWW-Authenticate challenges to discover token auth endpoints, taking the realm URL from a bearer challenge without validating it against the upstream host. An attacker-contr...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 2:55 p.m.3 views

CVE-2026-33540 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 2:55 p.m.31 views

CVE-2026-33540 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS0.00274EPSS
Exploits1References1
Rows per page
Query Builder