exploitDog

CVE-2025-24882

Published: 04 Aug 2024
Source: redhat
CVSS3: 5.2

Description

regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.

A flaw was found in regclient. This issue can allow a malicious registry to return a different digest for a pinned manifest without detection via manipulated manifest responses.

Mitigation

Red Hat Product Security has not identified any applicable mitigations at this time.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Trusted Profile Analyzer | trusted-content-tenant/trustification-guac | Affected | | |
| Red Hat Trusted Profile Analyzer | /trustification-guac | Affected | | |

Additional information

Status: Moderate
Defect: CWE-345
https://bugzilla.redhat.com/show_bug.cgi?id=2302914 regclient: Pinned manifest digests may be ignored

CVSS3: 5.2 Medium

Related vulnerabilities

CVSS3: 5.2
nvd
11 months ago

regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.

CVSS3: 5.2
debian
11 months ago

regclient is a Docker and OCI Registry Client in Go. A malicious regis ...

CVSS3: 5.2
github
more than 1 year ago

In regclient, pinned manifest digests may be ignored