5 matches found
SUSE-SU-2026:21560-1 Security update for distribution
This update for distribution fixes the following issues Security issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260283. - CVE-2026-33540: information disclosure via improper validation of authentication real...
OPENSUSE-SU-2026:20686-1 Security update for distribution
This update for distribution fixes the following issues Security issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260283. - CVE-2026-33540: information disclosure via improper validation of authentication real...
CVE-2026-33540 vulnerabilities
Vulnerabilities for packages: gitness, zot, envoy-gateway, kots, portieris...
CVE-2026-33540
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...
CVE-2026-33540 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...