Lucene search
Veracode Vulnerability DatabaseVERACODE:34501HistoryMar 04, 2022 - 5:08 a.m.
Directory Traversal
2022-03-0405:08:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
directory traversal
permission checks
container image
file system
EPSS
0.069
Percentile
93.9%
github.com/quay/claircore is vulnerable to directory traversal. The vulnerability exists in Scan function of packagescanner.go due to lack of permission checks which allows a malicious attacker is able to send a crafted container image and perform arbitrary file writes on the file system.
References
access.redhat.com/security/cve/cve-2021-3762
bugzilla.redhat.com/show_bug.cgi?id=2000795
github.com/advisories/GHSA-mq47-6wwv-v79w
github.com/quay/clair/pull/1379
github.com/quay/clair/pull/1380
github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821
github.com/quay/claircore/pull/478
vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=d19fce9ede06e13dfb5630ece7f14f83
Related
redhat
redhat
(RHSA-2021:3665) Important: Red Hat Quay v3.5.7 bug fix and security update
2021-09-28 15:37:57
github
github
Path traversal in claircore
2022-03-04 00:00:16
osv
osv
Path traversal in claircore
2022-03-04 00:00:16
CVE-2021-3762
2022-03-03 22:15:08
Path traversal in github.com/quay/claircore
2022-07-15 23:30:27
nvd
nvd
CVE-2021-3762
2022-03-03 22:15:08
cvelist
cvelist
CVE-2021-3762
2022-03-03 21:41:19
redhatcve
redhatcve
CVE-2021-3762
2021-09-28 12:45:19
cve
cve
CVE-2021-3762
2022-03-03 22:15:08
prion
prion
Directory traversal
2022-03-03 22:15:00