CVSS3: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
github.com/opencontainers/distribution-spec handles the content type incorrectly. The type of a manifest during push and pull operations was wrongly determined because only the Content-Type header was used, which can cause a client to interpret the resulting content differently.
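
A client-side check for this kind of type confusion, as an added example that is not code from distribution-spec or from the advisory: it accepts a manifest only when the Content-Type header and the JSON body agree on what the document is. The helper name, the rejection rules and the sample bodies are assumptions constructed for illustration.

```python
import json

OCI_MANIFEST = "application/vnd.oci.image.manifest.v1+json"
OCI_INDEX = "application/vnd.oci.image.index.v1+json"


class AmbiguousManifest(ValueError):
    """Raised when the header and the body can be read as different types."""


def check_manifest(content_type: str, body: bytes) -> str:
    """Return the manifest media type only if header and body agree.

    Hypothetical helper for this example, not a registry-client API.
    """
    # Drop parameters such as "; charset=utf-8" before comparing.
    header_type = content_type.split(";", 1)[0].strip().lower()
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise AmbiguousManifest("manifest body is not a JSON object")

    # One document must not look like both an index and an image manifest.
    if "manifests" in doc and ("layers" in doc or "config" in doc):
        raise AmbiguousManifest("body has index and image-manifest fields")

    # The shape of the body has to match the type the header announces.
    if header_type == OCI_INDEX and "manifests" not in doc:
        raise AmbiguousManifest("header says index, body has no manifests")
    if header_type == OCI_MANIFEST and "layers" not in doc:
        raise AmbiguousManifest("header says image manifest, body has no layers")

    # If the body declares its own mediaType, it must equal the header.
    declared = doc.get("mediaType")
    if declared is not None and str(declared).lower() != header_type:
        raise AmbiguousManifest(f"header {header_type!r} != body {declared!r}")
    return header_type


# Constructed sample bodies: a plain image manifest, and a document that
# carries both index fields and image-manifest fields at once.
IMAGE = json.dumps({"schemaVersion": 2, "mediaType": OCI_MANIFEST,
                    "config": {}, "layers": []}).encode()
DUAL = json.dumps({"schemaVersion": 2, "manifests": [],
                   "config": {}, "layers": []}).encode()
```
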
www.openwall.com/lists/oss-security/2021/11/19/10
github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923
github.com/opencontainers/distribution-spec/releases
github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c
lists.fedoraproject.org/archives/list/[email protected]/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX/
lists.fedoraproject.org/archives/list/[email protected]/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN/
lists.fedoraproject.org/archives/list/[email protected]/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML/
lists.fedoraproject.org/archives/list/[email protected]/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27/
lists.fedoraproject.org/archives/list/[email protected]/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM/
lists.fedoraproject.org/archives/list/[email protected]/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4/
lists.fedoraproject.org/archives/list/[email protected]/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV/
lists.fedoraproject.org/archives/list/[email protected]/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX/