A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
References
https://access.redhat.com/errata/RHSA-2024:0045
https://access.redhat.com/errata/RHSA-2024:3718
https://access.redhat.com/errata/RHSA-2024:4159
https://access.redhat.com/errata/RHSA-2024:4613
https://access.redhat.com/errata/RHSA-2024:4850
https://access.redhat.com/errata/RHSA-2024:4960
https://access.redhat.com/errata/RHSA-2024:5258
https://access.redhat.com/errata/RHSA-2024:5951
https://access.redhat.com/errata/RHSA-2024:6054
https://access.redhat.com/errata/RHSA-2024:6708
https://access.redhat.com/errata/RHSA-2024:6824
https://access.redhat.com/errata/RHSA-2024:7164
https://access.redhat.com/errata/RHSA-2024:7174
https://access.redhat.com/errata/RHSA-2024:7182
https://access.redhat.com/errata/RHSA-2024:7187
https://access.redhat.com/errata/RHSA-2024:7922
https://access.redhat.com/errata/RHSA-2024:7941
https://access.redhat.com/errata/RHSA-2024:8260
https://access.redhat.com/errata/RHSA-2024:8425
https://access.redhat.com/errata/RHSA-2024:9097
https://access.redhat.com/errata/RHSA-2024:9098
https://access.redhat.com/errata/RHSA-2024:9102
https://access.redhat.com/errata/RHSA-2024:9960
https://access.redhat.com/security/cve/CVE-2024-3727
https://bugzilla.redhat.com/show_bug.cgi?id=2274767
https://lists.fedoraproject.org/archives/list/[email protected]/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/
https://lists.fedoraproject.org/archives/list/[email protected]/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/
https://lists.fedoraproject.org/archives/list/[email protected]/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/
https://lists.fedoraproject.org/archives/list/[email protected]/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/
https://lists.fedoraproject.org/archives/list/[email protected]/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/
https://lists.fedoraproject.org/archives/list/[email protected]/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/
https://lists.fedoraproject.org/archives/list/[email protected]/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/
https://nvd.nist.gov/vuln/detail/CVE-2024-3727
https://www.cve.org/CVERecord?id=CVE-2024-3727
History

Tue, 10 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_devspaces:3:: cpe:/a:redhat:openshift_devspaces:3:

Mon, 09 Dec 2024 10:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_devspaces:3::el8 cpe:/a:redhat:openshift_devspaces:3::

Sat, 23 Nov 2024 04:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_api_data_protection:1
References

Fri, 22 Nov 2024 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_api_data_protection:1.3::el9

Fri, 22 Nov 2024 12:00:00 +0000


Wed, 13 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9

Tue, 12 Nov 2024 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::appstream
References

Thu, 31 Oct 2024 05:15:00 +0000

Type Values Removed Values Added
References

Thu, 24 Oct 2024 17:30:00 +0000

Type Values Removed Values Added
References

Thu, 17 Oct 2024 00:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el8
cpe:/a:redhat:openshift:4.13::el9
cpe:/a:redhat:openshift_ironic:4.13::el9
References

Wed, 16 Oct 2024 07:00:00 +0000

Type Values Removed Values Added
References

Thu, 03 Oct 2024 13:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_ironic:4.14::el9
References

Wed, 02 Oct 2024 11:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_ironic:4.15::el9
References

Tue, 01 Oct 2024 23:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el9
References

Thu, 26 Sep 2024 05:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhmt cpe:/a:redhat:rhmt:1.8::el8
References

Tue, 24 Sep 2024 23:15:00 +0000

Type Values Removed Values Added
References

Wed, 18 Sep 2024 08:30:00 +0000


Mon, 16 Sep 2024 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:advanced_cluster_security:4.5::el8
References

Thu, 29 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:advanced_cluster_security:4 cpe:/a:redhat:advanced_cluster_security:4.4::el8
References

Thu, 29 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
References

Wed, 28 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:container_native_virtualization:4.15::el9

Tue, 13 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Tue, 13 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::appstream
References

Wed, 07 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el8
cpe:/a:redhat:openshift:4.14::el9
References

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-05-09T14:57:21.327Z

Updated: 2024-12-23T07:03:39.627Z

Reserved: 2024-04-12T17:56:37.261Z

Link: CVE-2024-3727

Vulnrichment

Updated: 2024-08-01T20:20:01.029Z

NVD

Status: Awaiting Analysis

Published: 2024-05-14T15:42:07.060

Modified: 2024-11-23T04:15:09.660

Link: CVE-2024-3727

Red Hat

Severity: Moderate

Public Date: 2024-05-09T00:00:00Z

Links: CVE-2024-3727 - Bugzilla