CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
13.7%
github.com/containers/image is vulnerable to Improper Digest Validation. The vulnerability is due to improper validation of digest values, which allows an attacker to trigger authenticated registry accesses when pulling untrusted images.
access.redhat.com/errata/RHSA-2024:0045
access.redhat.com/errata/RHSA-2024:4159
access.redhat.com/errata/RHSA-2024:4613
access.redhat.com/errata/RHSA-2024:4850
access.redhat.com/errata/RHSA-2024:4960
access.redhat.com/errata/RHSA-2024:5258
access.redhat.com/errata/RHSA-2024:5951
access.redhat.com/errata/RHSA-2024:6054
access.redhat.com/errata/RHSA-2024:6708
access.redhat.com/security/cve/CVE-2024-3727
bugzilla.redhat.com/show_bug.cgi?id=2274767
github.com/advisories/GHSA-6wvf-f2vw-3425
github.com/containers/image/commit/132678b47bae29c710589012668cb85859d88385
github.com/containers/image/commit/56e750a2cab2472740a8be66355401da5191d10b
github.com/containers/image/commit/8d7cdb21f5bbbaabd24819fcd9f0ffdae2d30d1e
github.com/containers/image/pull/2403
github.com/containers/image/pull/2404
github.com/containers/image/pull/2405
github.com/containers/image/releases/tag/v5.30.1
lists.fedoraproject.org/archives/list/[email protected]/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/
lists.fedoraproject.org/archives/list/[email protected]/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/
lists.fedoraproject.org/archives/list/[email protected]/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/
lists.fedoraproject.org/archives/list/[email protected]/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/
lists.fedoraproject.org/archives/list/[email protected]/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/
lists.fedoraproject.org/archives/list/[email protected]/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/
lists.fedoraproject.org/archives/list/[email protected]/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
lists.fedoraproject.org/archives/list/[email protected]/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/
lists.fedoraproject.org/archives/list/[email protected]/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/