Lucene search

K

Veracode Vulnerability DatabaseVERACODE:46928

HistoryMay 15, 2024 - 8:41 a.m.

Improper Digest Validation

2024-05-1508:41:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4

vulnerability

improper validation

digest values

authenticated

registry accesses

untrusted images

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.1%

github.com/containers/image is vulnerable to Improper Digest Validation. The vulnerability is due to improper validation of digest values, which allows an attacker to trigger authenticated registry accesses when pulling untrusted images.

CPENameOperatorVersion
github.com/containers/imagelev5.30.0
github.com/containers/imagelev5.30.0
podmaneq3.4.4-r1
podmaneq3.2.3-r0
podmaneq4.1.1-r2
podmaneq4.9.4-r0
podmaneq3.2.0-r0
podmaneq4.4.0-r2
podmaneq4.7.1-r0
podmaneq4.0.0-r0

Rows per page:

1-10 of 1981

References

access.redhat.com/security/cve/CVE-2024-3727

bugzilla.redhat.com/show_bug.cgi?id=2274767

github.com/advisories/GHSA-6wvf-f2vw-3425

github.com/containers/image/commit/132678b47bae29c710589012668cb85859d88385

github.com/containers/image/commit/56e750a2cab2472740a8be66355401da5191d10b

github.com/containers/image/commit/8d7cdb21f5bbbaabd24819fcd9f0ffdae2d30d1e

github.com/containers/image/pull/2403

github.com/containers/image/pull/2404

github.com/containers/image/pull/2405

github.com/containers/image/releases/tag/v5.30.1

lists.fedoraproject.org/archives/list/[email protected]/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/

lists.fedoraproject.org/archives/list/[email protected]/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/

lists.fedoraproject.org/archives/list/[email protected]/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/

lists.fedoraproject.org/archives/list/[email protected]/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/

lists.fedoraproject.org/archives/list/[email protected]/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/

lists.fedoraproject.org/archives/list/[email protected]/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/

lists.fedoraproject.org/archives/list/[email protected]/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/

lists.fedoraproject.org/archives/list/[email protected]/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/

lists.fedoraproject.org/archives/list/[email protected]/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.1%

Related for VERACODE:46928

fedora9 nessus16 openvas14 vulnrichment1 cve1 redhatcve1 wolfi1 alpinelinux1 ubuntucve1 osv2 debiancve1 cvelist1 nvd1 cbl_mariner1 github1