CVE-2024-3727

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3727
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

8.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:0045
https://access.redhat.com/errata/RHSA-2024:3718
https://access.redhat.com/errata/RHSA-2024:4159
https://access.redhat.com/errata/RHSA-2024:4613
https://access.redhat.com/errata/RHSA-2024:4850
https://access.redhat.com/errata/RHSA-2024:4960
https://access.redhat.com/errata/RHSA-2024:5258
https://access.redhat.com/errata/RHSA-2024:5951
https://access.redhat.com/errata/RHSA-2024:6054
https://access.redhat.com/errata/RHSA-2024:6122
https://access.redhat.com/errata/RHSA-2024:6708
https://access.redhat.com/errata/RHSA-2024:6818
https://access.redhat.com/errata/RHSA-2024:6824
https://access.redhat.com/errata/RHSA-2024:7164
https://access.redhat.com/errata/RHSA-2024:7174
https://access.redhat.com/errata/RHSA-2024:7182
https://access.redhat.com/errata/RHSA-2024:7187
https://access.redhat.com/errata/RHSA-2024:7922
https://access.redhat.com/errata/RHSA-2024:7941
https://access.redhat.com/errata/RHSA-2024:8260
https://access.redhat.com/errata/RHSA-2024:8425
https://access.redhat.com/errata/RHSA-2024:9097
https://access.redhat.com/errata/RHSA-2024:9098
https://access.redhat.com/errata/RHSA-2024:9102
https://access.redhat.com/errata/RHSA-2024:9960
https://access.redhat.com/security/cve/CVE-2024-3727
https://bugzilla.redhat.com/show_bug.cgi?id=2274767
https://access.redhat.com/errata/RHSA-2024:0045
https://access.redhat.com/errata/RHSA-2024:4159
https://access.redhat.com/errata/RHSA-2024:4613
https://access.redhat.com/security/cve/CVE-2024-3727
https://bugzilla.redhat.com/show_bug.cgi?id=2274767
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/
Configurations

No configuration.

History

25 Feb 2025, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:6122 -

20 Jan 2025, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:6818 -

23 Nov 2024, 04:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:9960 -

21 Nov 2024, 09:30

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/ -
References () https://access.redhat.com/errata/RHSA-2024:0045 - () https://access.redhat.com/errata/RHSA-2024:0045 -
References () https://access.redhat.com/errata/RHSA-2024:4159 - () https://access.redhat.com/errata/RHSA-2024:4159 -
References () https://access.redhat.com/errata/RHSA-2024:4613 - () https://access.redhat.com/errata/RHSA-2024:4613 -
References () https://access.redhat.com/security/cve/CVE-2024-3727 - () https://access.redhat.com/security/cve/CVE-2024-3727 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=2274767 - () https://bugzilla.redhat.com/show_bug.cgi?id=2274767 -

12 Nov 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:9097 -
  • () https://access.redhat.com/errata/RHSA-2024:9098 -
  • () https://access.redhat.com/errata/RHSA-2024:9102 -

31 Oct 2024, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8425 -

24 Oct 2024, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:8260 -

17 Oct 2024, 01:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:7941 -

16 Oct 2024, 07:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:7922 -

03 Oct 2024, 13:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:7187 -

02 Oct 2024, 11:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:7174 -
  • () https://access.redhat.com/errata/RHSA-2024:7182 -

01 Oct 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:3718 -

26 Sep 2024, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:7164 -

25 Sep 2024, 01:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:6824 -

16 Sep 2024, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:6708 -

29 Aug 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:6054 -

29 Aug 2024, 19:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/', 'source': 'secalert@redhat.com'}
  • () https://access.redhat.com/errata/RHSA-2024:5951 -

13 Aug 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:5258 -

07 Aug 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4960 -

02 Aug 2024, 16:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4850 -

24 Jul 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4613 -

03 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4159 -

27 Jun 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0045 -

12 Jun 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/ -

11 Jun 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/ -

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/ -

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/ -
Summary
  • (es) Se encontró una falla en la librería github.com/containers/image. Esta falla permite a los atacantes activar accesos inesperados al registro autenticado en nombre de un usuario víctima, lo que provoca agotamiento de recursos, path traversal local y otros ataques.

14 May 2024, 15:42

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-14 15:42

Updated : 2025-02-25 08:15

NVD link : CVE-2024-3727

Mitre link : CVE-2024-3727

CVE.ORG link : CVE-2024-3727

JSON object : View

Products Affected

No product.

CWE
CWE-354

Improper Validation of Integrity Check Value