Home > Vulnerability Database > CVE-2024-3727

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2024-3727

Good to know:

Date: May 9, 2024

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Language: Go

Severity Score

8.3

Related Resources (53)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/

Url: https://access.redhat.com/errata/RHSA-2024:6122

Url: https://access.redhat.com/errata/RHSA-2024:8425

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP

Url: https://access.redhat.com/errata/RHSA-2024:8260

Url: https://access.redhat.com/errata/RHSA-2024:7174

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-3727

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2274767

Url: https://access.redhat.com/errata/RHSA-2024:7922

Url: https://access.redhat.com/errata/RHSA-2024:4613

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/

Url: https://access.redhat.com/errata/RHSA-2024:7164

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/

Url: https://access.redhat.com/errata/RHSA-2024:4850

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD

Url: https://access.redhat.com/errata/RHSA-2024:9102

Url: https://access.redhat.com/security/cve/CVE-2024-3727

Url: https://access.redhat.com/errata/RHSA-2024:3718

Url: https://access.redhat.com/errata/RHSA-2024:6708

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC

Url: https://github.com/containers/image/commit/132678b47bae29c710589012668cb85859d88385

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/

Url: https://access.redhat.com/errata/RHSA-2024:0045

Url: https://access.redhat.com/errata/RHSA-2024:5258

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN

Url: https://access.redhat.com/errata/RHSA-2024:6824

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT

Url: https://access.redhat.com/errata/RHSA-2024:4960

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/

Url: https://access.redhat.com/errata/RHSA-2024:9097

Url: https://access.redhat.com/errata/RHSA-2024:9098

Url: https://github.com/containers/image/releases/tag/v5.30.1

Url: https://access.redhat.com/errata/RHSA-2024:6818

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ

Url: https://github.com/containers/image

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV

Url: https://access.redhat.com/errata/RHSA-2024:4159

Url: https://github.com/containers/image/releases/tag/v5.29.3

Url: https://github.com/containers/image/commit/e8948046055060605bd68289d406ce149590c33a

Url: https://access.redhat.com/errata/RHSA-2024:6054

Url: https://access.redhat.com/errata/RHSA-2024:7187

Url: https://access.redhat.com/errata/RHSA-2024:7941

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/

Url: https://access.redhat.com/errata/RHSA-2024:9960

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/

Url: https://access.redhat.com/errata/RHSA-2024:7182

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR

Url: https://access.redhat.com/errata/RHSA-2024:5951

Url: https://github.com/advisories/GHSA-6wvf-f2vw-3425

Url: https://www.mend.io/vulnerability-database/CVE-2024-3727

Severity Score

8.3

Weakness Type (CWE)

Improper Validation of Integrity Check Value

CWE-354

Top Fix

Upgrade Version

Upgrade to version github.com/containers/image - v5.30.1;github.com/containers/image/v5 - v5.30.1;github.com/containers/image/v5 - v5.29.3

CVSS v3.1

Base Score:	8.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Do you need more information?

Contact Us