Описание
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Отчет
Some conditions are necessary for this attack to occur, such as the attacker being able to upload malicious images to the registry and persuade a victim to pull them. Hence, the severity of this flaw was rated as Moderate.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Multicluster Engine for Kubernetes | multicluster-engine/agent-service-rhel8 | Not affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-agent-rhel8 | Not affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-reporter-rhel8 | Not affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-rhel8 | Not affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/hive-rhel8 | Not affected | ||
| OpenShift Developer Tools and Services | ocp-tools-4/jenkins-agent-base-rhel8 | Affected | ||
| OpenShift Developer Tools and Services | ocp-tools-4/jenkins-rhel8 | Affected | ||
| OpenShift Serverless | openshift-serverless-1/client-kn-rhel8 | Will not fix | ||
| OpenShift Serverless | openshift-serverless-clients | Will not fix | ||
| OpenShift Source-to-Image (S2I) | source-to-image-container | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
8.3 High
CVSS3
Связанные уязвимости
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
A flaw was found in the github.com/containers/image library. This flaw ...
EPSS
8.3 High
CVSS3