CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 57.4%
github.com/crossplane/crossplane is vulnerable to Missing Image Validation. The vulnerability exists in imageback.go due to a lack of image validation inside the packages, which allows an attacker to bypass the detection mechanism for tampered packages.
github.com/advisories/GHSA-pj4x-2xr5-w87m
github.com/crossplane/crossplane/blob/ac8b24fe739c5d942ea885157148497f196c3dd3/security/ADA-security-audit-23.pdf
github.com/crossplane/crossplane/commit/2a6d31f410ee5026c795b20b5a4f9d581ebd1568
github.com/crossplane/crossplane/commit/a1293952f03d4b9012cf689b05bee35bb11b77d6
github.com/crossplane/crossplane/commit/d577b71940deb26e60d32ad03c0ba6339d3865e9
github.com/crossplane/crossplane/security/advisories/GHSA-pj4x-2xr5-w87m
github.com/golang/vulndb/issues/1980