Lucene search
K

15 matches found

OSV
OSV
added 2026/06/25 6:26 p.m.2 views

GO-2026-5094 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm in github.com/distribution/distribution

Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm in github.com/distribution/distribution...

7.5CVSS5.8AI score0.00274EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/04/09 11:26 p.m.10 views

SUSE CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

3.1CVSS5.8AI score0.00274EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull- through cache mode, distribution discovers token auth...

7.5CVSS7.1AI score0.00274EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/06 6:33 p.m.4 views

CVE-2026-33540

A flaw was found in Distribution, a toolkit for managing container content. When operating in pull-through cache mode, Distribution incorrectly processes authentication challenges from an upstream registry. An attacker controlling the upstream registry, or positioned as a Man-in-the-Middle MitM,...

7.5CVSS5.8AI score0.00274EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/06 5:52 p.m.3 views

EUVD-2026-19289

Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/06 5:52 p.m.15 views

Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

hi guys, commit: 40594bd98e6d6ed993b5c6021c93fdf96d2e5851 as-of 2026-01-31 contact: GitHub Security Advisory https://github.com/distribution/distribution/security/advisories/new summary in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges...

7.5CVSS7.1AI score0.00274EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2026/04/06 5:52 p.m.2 views

GHSA-3P65-76G6-3W7R Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

hi guys, commit: 40594bd98e6d6ed993b5c6021c93fdf96d2e5851 as-of 2026-01-31 contact: GitHub Security Advisory https://github.com/distribution/distribution/security/advisories/new summary in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References4
NVD
NVD
added 2026/04/06 3:17 p.m.4 views

CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS0.00274EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 3:17 p.m.1 views

DEBIAN-CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS5.3AI score0.00274EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/06 3:17 p.m.10 views

CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References2
OSV
OSV
added 2026/04/06 3:17 p.m.3 views

UBUNTU-CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS5.8AI score0.00274EPSS
Exploits1References3
CVE
CVE
added 2026/04/06 2:55 p.m.34 views

CVE-2026-33540

CVE-2026-33540 affects the Distribution toolkit. In prior releases (before 3.1.0) and in pull-through cache mode, it parses WWW-Authenticate challenges to discover token auth endpoints, taking the realm URL from a bearer challenge without validating it against the upstream host. An attacker-contr...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 2:55 p.m.3 views

CVE-2026-33540 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/04/06 2:55 p.m.6 views

CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS5.3AI score0.00274EPSS
Exploits1
Cvelist
Cvelist
added 2026/04/06 2:55 p.m.32 views

CVE-2026-33540 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS0.00274EPSS
Exploits1References1
Rows per page
Query Builder