936384 – (CVE-2024-3727) [Tracker] Go containers/image library: unexpected authenticated registry accesses

Bug 936384 (CVE-2024-3727) - [Tracker] Go containers/image library: unexpected authenticated registry accesses

Summary: [Tracker] Go containers/image library: unexpected authenticated registry acce...

Status:	CONFIRMED

Alias:	CVE-2024-3727

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://github.com/advisories/GHSA-6w...
Whiteboard:
Keywords:

Depends on:	932453 934141 936573
Blocks:
	Show dependency tree

Reported:	2024-07-20 09:05 UTC by Hans de Graaff
Modified:	2024-07-24 11:21 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hans de Graaff gentoo-dev

2024-07-20 09:05:15 UTC

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Affected versions
< 5.30.1

Patched versions
5.30.1