Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2024-3727

Disclosure Date: May 14, 2024
CVE-2024-3727
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Advanced Cluster Security 4.4 not down converted
Red Hat Enterprise Linux 8 not down converted
Red Hat Enterprise Linux 8 not down converted
Red Hat Enterprise Linux 8 not down converted
Red Hat Enterprise Linux 8 not down converted
Red Hat Enterprise Linux 8 not down converted
Red Hat Enterprise Linux 8 not down converted
Red Hat Enterprise Linux 8 not down converted
Red Hat OpenShift Container Platform 4.14 not down converted
Red Hat OpenShift Container Platform 4.15 not down converted
Red Hat OpenShift Container Platform 4.16 not down converted
Red Hat OpenShift Container Platform 4.16 not down converted
Red Hat OpenShift Container Platform 4.16 not down converted
Red Hat OpenShift Container Platform 4.16 not down converted
RHEL-9-CNV-4.15 not down converted
Migration Toolkit for Containers not down converted
Multicluster Engine for Kubernetes not down converted
Multicluster Engine for Kubernetes not down converted
Multicluster Engine for Kubernetes not down converted
Multicluster Engine for Kubernetes not down converted
Multicluster Engine for Kubernetes not down converted
OpenShift API for Data Protection not down converted
OpenShift Developer Tools and Services not down converted
OpenShift Developer Tools and Services not down converted
OpenShift Serverless not down converted
OpenShift Serverless not down converted
OpenShift Source-to-Image (S2I) Builder Image not down converted
Red Hat Advanced Cluster Management for Kubernetes 2 not down converted
Red Hat Advanced Cluster Security 3 not down converted
Red Hat Advanced Cluster Security 3 not down converted
Red Hat Advanced Cluster Security 3 not down converted
Red Hat Advanced Cluster Security 3 not down converted
Red Hat Advanced Cluster Security 3 not down converted
Red Hat Advanced Cluster Security 3 not down converted
Red Hat Advanced Cluster Security 3 not down converted
Red Hat Advanced Cluster Security 3 not down converted
Red Hat Ansible Automation Platform 1.2 not down converted
Red Hat Ansible Automation Platform 2 not down converted
Red Hat Enterprise Linux 7 not down converted
Red Hat Enterprise Linux 7 not down converted
Red Hat Enterprise Linux 7 not down converted
Red Hat Enterprise Linux 9 not down converted
Red Hat Enterprise Linux 9 not down converted
Red Hat Enterprise Linux 9 not down converted
Red Hat Enterprise Linux 9 not down converted
Red Hat Enterprise Linux 9 not down converted
Red Hat Enterprise Linux 9 not down converted
Red Hat OpenShift Container Platform 3.11 not down converted
Red Hat OpenShift Container Platform 3.11 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform 4 not down converted
Red Hat OpenShift Container Platform Assisted Installer not down converted
Red Hat OpenShift Container Platform Assisted Installer not down converted
Red Hat OpenShift Container Platform Assisted Installer not down converted
Red Hat OpenShift Dev Spaces not down converted
Red Hat Openshift sandboxed containers not down converted
Red Hat Openshift sandboxed containers not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenShift Virtualization 4 not down converted
Red Hat OpenStack Platform 16.2 not down converted
Red Hat Quay 3 not down converted
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • Red Hat

Products

  • Red Hat Advanced Cluster Security 4.4,
  • Red Hat Enterprise Linux 8,
  • Red Hat OpenShift Container Platform 4.14,
  • Red Hat OpenShift Container Platform 4.15,
  • Red Hat OpenShift Container Platform 4.16,
  • RHEL-9-CNV-4.15,
  • Migration Toolkit for Containers,
  • Multicluster Engine for Kubernetes,
  • OpenShift API for Data Protection,
  • OpenShift Developer Tools and Services,
  • OpenShift Serverless,
  • OpenShift Source-to-Image (S2I) Builder Image,
  • Red Hat Advanced Cluster Management for Kubernetes 2,
  • Red Hat Advanced Cluster Security 3,
  • Red Hat Ansible Automation Platform 1.2,
  • Red Hat Ansible Automation Platform 2,
  • Red Hat Enterprise Linux 7,
  • Red Hat Enterprise Linux 9,
  • Red Hat OpenShift Container Platform 3.11,
  • Red Hat OpenShift Container Platform 4,
  • Red Hat OpenShift Container Platform Assisted Installer,
  • Red Hat OpenShift Dev Spaces,
  • Red Hat Openshift sandboxed containers,
  • Red Hat OpenShift Virtualization 4,
  • Red Hat OpenStack Platform 16.2,
  • Red Hat Quay 3

References

Canonical
CVE-2024-3727 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727)
Miscellaneous
https://access.redhat.com/security/cve/CVE-2024-3727
https://bugzilla.redhat.com/show_bug.cgi?id=2274767
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
https://access.redhat.com/errata/RHSA-2024:0045
https://access.redhat.com/errata/RHSA-2024:4159
https://access.redhat.com/errata/RHSA-2024:4613
https://access.redhat.com/errata/RHSA-2024:4850
https://access.redhat.com/errata/RHSA-2024:4960
https://access.redhat.com/errata/RHSA-2024:5258
https://access.redhat.com/errata/RHSA-2024:5951
https://access.redhat.com/errata/RHSA-2024:6054

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis