Bug 2274767 (CVE-2024-3727)
| Summary: | CVE-2024-3727 containers/image: digest type does not guarantee valid type | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adudiak, alcohan, asatyam, bdettelb, brking, dfreiber, dhanak, diagrawa, dkenigsb, doconnor, drow, dsimansk, dymurray, eglynn, epacific, fdeutsch, fifevip156, gkamathe, gparvin, haoli, hkataria, ibolton, jajackso, jburrell, jcammara, jhardy, jjoyce, jmatthew, jmitchel, jmontleo, jneedle, jobarker, joelsmith, jschluet, kegrant, kingland, koliveir, kshier, kverlaen, lbainbri, lgamliel, lhh, lsvaty, mabashia, matzew, mburns, mgarciac, mnovotny, njean, omaciel, oramraz, owatkins, pahickey, pbraun, pgaikwad, pgrist, pierdipi, rdey, rfreiman, rguimara, rhaigner, rhos-maint, rhuss, rjohnson, sabiswas, sausingh, sbrivio, sdawley, security-response-team, shvarugh, simaishi, slucidi, smcdonal, smullick, spandura, sseago, stcannon, stirabos, teagle, tfister, thason, thavo, tsweeney, vkumar, whayutin, yguenane, zsadeh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2284367, 2283674, 2284366, 2284368, 2284369, 2284370, 2284371, 2284372, 2284373, 2284374, 2284375, 2284376, 2284377, 2284378, 2284379, 2284380, 2284381, 2284382, 2284383, 2284384, 2284385, 2284386, 2295790 | ||
| Bug Blocks: | 2278911 | ||
|
Description
Pedro Sampaio
2024-04-12 18:25:41 UTC
Created apptainer tracking bugs for this issue: Affects: epel-all [bug 2284366] Affects: fedora-all [bug 2284369] Created buildah tracking bugs for this issue: Affects: fedora-all [bug 2284370] Created conmon tracking bugs for this issue: Affects: fedora-all [bug 2284371] Created containers-common tracking bugs for this issue: Affects: fedora-all [bug 2284386] Created cri-o tracking bugs for this issue: Affects: fedora-all [bug 2284372] Created cri-o:1.21/cri-o tracking bugs for this issue: Affects: epel-all [bug 2284367] Created cri-o:1.22/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2284373] Created cri-o:1.23/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2284374] Created cri-o:1.24/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2284375] Created cri-o:1.25/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2284376] Created cri-o:1.26/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2284377] Created cri-o:1.27/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2284378] Created osbuild-composer tracking bugs for this issue: Affects: fedora-all [bug 2284379] Created podman tracking bugs for this issue: Affects: fedora-all [bug 2284380] Created podman-tui tracking bugs for this issue: Affects: fedora-all [bug 2284381] Created prometheus-podman-exporter tracking bugs for this issue: Affects: fedora-all [bug 2284382] Created singularity-ce tracking bugs for this issue: Affects: epel-all [bug 2284368] Affects: fedora-all [bug 2284383] Created skopeo tracking bugs for this issue: Affects: fedora-all [bug 2284384] Created source-to-image tracking bugs for this issue: Affects: fedora-all [bug 2284385] This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:0045 https://access.redhat.com/errata/RHSA-2024:0045 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:4159 https://access.redhat.com/errata/RHSA-2024:4159 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:4613 https://access.redhat.com/errata/RHSA-2024:4613 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:4850 https://access.redhat.com/errata/RHSA-2024:4850 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:4960 https://access.redhat.com/errata/RHSA-2024:4960 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5258 https://access.redhat.com/errata/RHSA-2024:5258 This issue has been addressed in the following products: RHEL-9-CNV-4.15 Via RHSA-2024:5951 https://access.redhat.com/errata/RHSA-2024:5951 This issue has been addressed in the following products: Red Hat Advanced Cluster Security 4.4 Via RHSA-2024:6054 https://access.redhat.com/errata/RHSA-2024:6054 This issue has been addressed in the following products: Red Hat Advanced Cluster Security 4.5 Via RHSA-2024:6708 https://access.redhat.com/errata/RHSA-2024:6708 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:6824 https://access.redhat.com/errata/RHSA-2024:6824 This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.8 Via RHSA-2024:7164 https://access.redhat.com/errata/RHSA-2024:7164 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2024:3718 https://access.redhat.com/errata/RHSA-2024:3718 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:7174 https://access.redhat.com/errata/RHSA-2024:7174 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:7182 https://access.redhat.com/errata/RHSA-2024:7182 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:7187 https://access.redhat.com/errata/RHSA-2024:7187 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2024:7922 https://access.redhat.com/errata/RHSA-2024:7922 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Ironic content for Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:7941 https://access.redhat.com/errata/RHSA-2024:7941 (In reply to errata-xmlrpc from comment #35) > This issue has been addressed in the following products: > > Red Hat OpenShift Container Platform 4.13 > Ironic content for Red Hat OpenShift Container Platform 4.13 > https://flappybirdgame.io > Via RHSA-2024:7941 https://access.redhat.com/errata/RHSA-2024:7941 Hopefully similar errors will not occur again. This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:8260 https://access.redhat.com/errata/RHSA-2024:8260 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:8425 https://access.redhat.com/errata/RHSA-2024:8425 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:9097 https://access.redhat.com/errata/RHSA-2024:9097 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:9102 https://access.redhat.com/errata/RHSA-2024:9102 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:9098 https://access.redhat.com/errata/RHSA-2024:9098 This issue has been addressed in the following products: OADP-1.3-RHEL-9 Via RHSA-2024:9960 https://access.redhat.com/errata/RHSA-2024:9960 Exion https://www.daisypoliklinik.com/btl-exion-istanbul/ EXION BTL medikal estetik alanında kullanılan modern bir cihazdır. BTL firmasının geliştirdiği bu sistem, vücut şekillendirme, cilt sıkılaştırma, cilt gençleştirme gibi çeşitli işlemleri sunuyor. EXION noninvaziv (cerrahi müdahale gerektirmeyen) bir teknoloji olup genellikle kliniklerde ve medikal estetik merkezlerinde uygulanmaktadır. This comment was flagged as spam, view the edit history to see the original text if required. Online Diyet https://www.dytiremcevik.com/online-diyet/ Son yıllarda dijital dünyanın hayatımıza entegre olmasıyla birlikte yeme alışkanlıklarımızı da online platformlar üzerinden şekillendirmeye başladık. Çevrimiçi diyet, kişiselleştirilmiş yemek planları, mobil uygulamalar, beslenme desteği ve çevrimiçi gruplar aracılığıyla sağlıklı bir yaşam tarzı oluşturmayı amaçlayan modern bir yaklaşımdır. This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18 Via RHSA-2024:6122 https://access.redhat.com/errata/RHSA-2024:6122 |