CVE-2024-3727

Summary

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Affected Software

VendorProductVersion RangeStatus
0 < 5.29.3affected
5.30.0 < 5.30.1affected
Red HatOADP-1.3-RHEL-91.3.4-9 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-4 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-3 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-3 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-3 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.44.4.5-3 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-1 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Advanced Cluster Security 4.54.5.2-2 < *unaffected
Red HatRed Hat Enterprise Linux 88100020240808093819.afee755d < *unaffected
Red HatRed Hat Enterprise Linux 92:1.37.2-1.el9 < *unaffected
Red HatRed Hat Enterprise Linux 92:1.16.1-1.el9 < *unaffected
Red HatRed Hat Enterprise Linux 92:5.2.2-1.el9 < *unaffected
Red HatRed Hat Migration Toolkit for Containers 1.8v1.8.4-22 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.133:4.4.1-13.rhaos4.13.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.132:1.11.3-3.rhaos4.13.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.14v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.143:4.4.1-19.rhaos4.14.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.142:1.11.3-3.rhaos4.14.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409172305.p0.g17536c8.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409171307.p0.ged4651a.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409161436.p0.g1f44c02.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409120135.p0.gf7f5eed.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409131835.p0.gadccbd5.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409120135.p0.g8425d88.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409130735.p0.gc03231f.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409131635.p0.gb73e37f.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409161836.p0.g092d15b.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409180105.p0.g1fdd5b0.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409180905.p0.gf6f61ca.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409171307.p0.g160e7ca.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409131635.p0.gb7c1d6a.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409111636.p0.gf0c44f6.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409120135.p0.g3ab953d.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409111636.p0.g9ea52de.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409111636.p0.gd80fe46.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409120135.p0.g8de6f94.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409171307.p0.g5d529dd.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409130536.p0.g1d6a7ed.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409161436.p0.g4121cfc.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409120135.p0.g71a6f28.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409180705.p0.g95ee44e.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202409161234.p0.g4e8d689.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15415.92.202409162258-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.153:4.4.1-30.rhaos4.15.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.152:1.11.3-4.rhaos4.15.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202410230304.p0.g366295f.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.164:4.9.4-5.1.rhaos4.16.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.162:1.14.4-1.rhaos4.16.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.160:1.29.5-7.rhaos4.16.git7db4ada.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16v4.16.0-202407171536.p0.g1551101.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16v4.16.0-202409231504.p0.g342902b.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.18v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.18v4.18.0-202502040032.p0.ge5a4005.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.18v4.18.0-202502041302.p0.g51a74ac.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.18v4.18.0-202501230001.p0.g5348c85.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.18v4.18.0-202502100153.p0.g120ba67.assembly.stream.el9 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.18v4.18.0-202502060238.p0.g73d65db.assembly.stream.el9 < *unaffected
Red HatRHEL-9-CNV-4.15v4.15.5-7 < *unaffected

Weaknesses

  • CWE-354: Improper Validation of Integrity Check Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References