CVE-2024-3727 - OpenCVE

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:0045
https://access.redhat.com/security/cve/CVE-2024-3727
https://bugzilla.redhat.com/show_bug.cgi?id=2274767
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2024-05-09T14:57:21.327Z

Updated: 2024-07-09T23:11:38.869Z

Reserved: 2024-04-12T17:56:37.261Z

Link: CVE-2024-3727

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-14T15:42:07.060

Modified: 2024-06-27T17:15:10.690

Link: CVE-2024-3727

JSON object: View

Redhat Information

No data.

CWE

CWE-354

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-3727", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-04-12T17:56:37.261Z", "datePublished": "2024-05-09T14:57:21.327Z", "dateUpdated": "2024-07-09T23:11:38.869Z"}, "containers": {"cna": {"title": "Containers/image: digest type does not guarantee valid type", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "versions": [{"version": "4:4.9.4-5.1.rhaos4.16.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift_ironic:4.16::el9", "cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "skopeo", "defaultStatus": "affected", "versions": [{"version": "2:1.14.4-1.rhaos4.16.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift_ironic:4.16::el9", "cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cri-o", "defaultStatus": "affected", "versions": [{"version": "0:1.29.5-7.rhaos4.16.git7db4ada.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Containers", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhmtc/openshift-migration-controller-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:rhmt"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/agent-service-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-installer-agent-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-installer-reporter-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-installer-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/hive-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "OpenShift API for Data Protection", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "oadp/oadp-velero-plugin-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_api_data_protection:1"]}, {"vendor": "Red Hat", "product": "OpenShift Developer Tools and Services", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ocp-tools-4/jenkins-agent-base-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ocp_tools"]}, {"vendor": "Red Hat", "product": "OpenShift Developer Tools and Services", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ocp-tools-4/jenkins-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ocp_tools"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-serverless-1/client-kn-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-serverless-clients", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "OpenShift Source-to-Image (S2I) Builder Image", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "source-to-image/source-to-image-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:source_to_image:1"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhacm2-tech-preview/submariner-rhel8-operator", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:acm:2"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:3"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:4"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:4"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:4"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:4"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:4"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:4"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:4"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:advanced_cluster_security:4"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 1.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-clients", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:ansible_automation_platform"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-clients", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:ansible_automation_platform:2"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "buildah", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "skopeo", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/buildah", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/conmon", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/containers-common", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/podman", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/skopeo", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8/buildah", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8/conmon", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8/containers-common", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8/podman", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8/skopeo", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "osbuild-composer", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "buildah", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "conmon", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "containers-common", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "osbuild-composer", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "skopeo", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 3.11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "atomic-openshift", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openshift:3.11"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 3.11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "podman", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openshift:3.11"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "buildah", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "conmon", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "containers-common", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/oc-mirror-plugin-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-agent-installer-api-server-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-agent-installer-csr-approver-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-agent-installer-node-agent-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-agent-installer-orchestrator-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-baremetal-installer-rhel7", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-cli", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-cli-artifacts", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-deployer", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-docker-builder", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-installer", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-installer-altinfra-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-installer-artifacts", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-machine-config-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-olm-operator-controller-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-olm-rukpak-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-openshift-apiserver-rhel7", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-openshift-proxy-pull-test-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-operator-lifecycle-manager", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-operator-registry", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-tools-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-clients", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ose-installer-terraform-providers-container", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ose-openshift-controller-manager-container", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform Assisted Installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/assisted-installer-agent-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:assisted_installer:"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform Assisted Installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/assisted-installer-reporter-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:assisted_installer:"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform Assisted Installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/assisted-installer-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:assisted_installer:"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Dev Spaces", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "devspaces/udi-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_devspaces:3::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift sandboxed containers", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-sandboxed-containers/osc-must-gather-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_sandboxed_containers:1"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift sandboxed containers", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_sandboxed_containers:1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-apiserver", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-cloner", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-cloner-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-controller", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-controller-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-importer", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-importer-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-operator-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadproxy", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadserver", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:container_native_virtualization:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "osp-director-provisioner-container", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat Quay 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "quay/quay-builder-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:quay:3"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0045", "name": "RHSA-2024:0045", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4159", "name": "RHSA-2024:4159", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3727", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "name": "RHBZ#2274767", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/"}], "datePublic": "2024-05-09T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "description": "Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-354: Improper Validation of Integrity Check Value", "timeline": [{"lang": "en", "time": "2024-04-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-05-09T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-07-09T23:11:38.869Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3727", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T17:59:41.318223Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:13.046Z"}}]}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la librer\u00eda github.com/containers/image. Esta falla permite a los atacantes activar accesos inesperados al registro autenticado en nombre de un usuario v\u00edctima, lo que provoca agotamiento de recursos, path traversal local y otros ataques."}], "id": "CVE-2024-3727", "lastModified": "2024-06-27T17:15:10.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-05-14T15:42:07.060", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0045"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-3727"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "secalert@redhat.com", "type": "Primary"}]}