Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:34862
HistoryMar 28, 2022 - 8:17 a.m.

Information Disclosure

2022-03-2808:17:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
information disclosure
github.com/containerd/imgcrypt
vulnerability
remote attackers
unauthenticated
image access
decryption
first architecture
validation
software

EPSS

0.004

Percentile

75.0%

github.com/containerd/imgcrypt is vulnerable to information disclosure. Remote unauthenticated attackers are able to gain access to view an image without providing keys if that image had previously been decrypted. This is possible because only the first architecture in an list is being validated.