CVE-2024-3727
Containers/image: digest type does not guarantee valid type
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
imageRed Hat · Multicluster Engine for KubernetesRed Hat · OADP-1.3-RHEL-9Red Hat · OpenShift Developer Tools and ServicesRed Hat · OpenShift ServerlessRed Hat · OpenShift Source-to-Image (S2I)Red Hat · Red Hat Advanced Cluster Management for Kubernetes 2Red Hat · Red Hat Advanced Cluster Security 3Red Hat · Red Hat Advanced Cluster Security 4.4Red Hat · Red Hat Advanced Cluster Security 4.5Red Hat · Red Hat Ansible Automation Platform 1.2Red Hat · Red Hat Ansible Automation Platform 2Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Migration Toolkit for Containers 1.8Red Hat · Red Hat OpenShift Container Platform 3.11Red Hat · Red Hat OpenShift Container Platform 4Red Hat · Red Hat OpenShift Container Platform 4.13Red Hat · Red Hat OpenShift Container Platform 4.14Red Hat · Red Hat OpenShift Container Platform 4.15Red Hat · Red Hat OpenShift Container Platform 4.16Red Hat · Red Hat OpenShift Container Platform 4.17Red Hat · Red Hat OpenShift Container Platform 4.18Red Hat · Red Hat OpenShift Container Platform Assisted Installer 1Red Hat · Red Hat OpenShift Dev SpacesRed Hat · Red Hat Openshift Sandboxed ContainersRed Hat · Red Hat OpenShift Virtualization 4Red Hat · Red Hat OpenStack Platform 16.2Red Hat · Red Hat Quay 3Red Hat · RHEL-9-CNV-4.15Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2024:0045https://access.redhat.com/errata/RHSA-2024:3718https://access.redhat.com/errata/RHSA-2024:4159https://access.redhat.com/errata/RHSA-2024:4613https://access.redhat.com/errata/RHSA-2024:4850https://access.redhat.com/errata/RHSA-2024:4960https://access.redhat.com/errata/RHSA-2024:5258https://access.redhat.com/errata/RHSA-2024:5951https://access.redhat.com/errata/RHSA-2024:6054https://access.redhat.com/errata/RHSA-2024:6122https://access.redhat.com/errata/RHSA-2024:6708https://access.redhat.com/errata/RHSA-2024:6818