CVE-2024-3727

UNKNOWN

Published 2024-05-09T14:57:21.327Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-3727. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

8.3

/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.000

probability

of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.193

Higher than 19.3% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Description

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Unknown Vendor

Unknown Product

Affected Versions:

0 5.30.0

Red Hat

OADP-1.3-RHEL-9

Affected Versions:

1.3.4-9

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-2

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-2

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-2

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-4

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-3

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-2

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-2

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-2

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-3

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-2

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-2

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-3

Red Hat

Red Hat Advanced Cluster Security 4.4

Affected Versions:

4.4.5-3

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-1

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Advanced Cluster Security 4.5

Affected Versions:

4.5.2-2

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

8100020240808093819.afee755d

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

2:1.37.2-1.el9

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

2:1.16.1-1.el9

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

2:5.2.2-1.el9

Red Hat

Red Hat Migration Toolkit for Containers 1.8

Affected Versions:

v1.8.4-22

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

3:4.4.1-14.rhaos4.13.el9

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

2:1.11.3-3.rhaos4.13.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

3:4.4.1-19.rhaos4.14.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

2:1.11.3-3.rhaos4.14.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409172305.p0.g17536c8.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409171307.p0.ged4651a.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409161436.p0.g1f44c02.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409120135.p0.gf7f5eed.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409131835.p0.gadccbd5.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409120135.p0.g8425d88.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409130735.p0.gc03231f.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409131635.p0.gb73e37f.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409161836.p0.g092d15b.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409180105.p0.g1fdd5b0.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409180905.p0.gf6f61ca.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409171307.p0.g160e7ca.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409131635.p0.gb7c1d6a.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409111636.p0.gf0c44f6.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409120135.p0.g3ab953d.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409111636.p0.g9ea52de.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409111636.p0.gd80fe46.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409120135.p0.g8de6f94.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409171307.p0.g5d529dd.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409130536.p0.g1d6a7ed.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409161436.p0.g4121cfc.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409120135.p0.g71a6f28.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409180705.p0.g95ee44e.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202409161234.p0.g4e8d689.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

415.92.202409162258-0

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

3:4.4.1-30.rhaos4.15.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

2:1.11.3-4.rhaos4.15.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202410230304.p0.g366295f.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.16

Affected Versions:

4:4.9.4-5.1.rhaos4.16.el8

Red Hat

Red Hat OpenShift Container Platform 4.16

Affected Versions:

2:1.14.4-1.rhaos4.16.el8

Red Hat

Red Hat OpenShift Container Platform 4.16

Affected Versions:

0:1.29.5-7.rhaos4.16.git7db4ada.el8

Red Hat

Red Hat OpenShift Container Platform 4.16

Affected Versions:

v4.16.0-202407171536.p0.g1551101.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.16

Affected Versions:

v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.16

Affected Versions:

v4.16.0-202409231504.p0.g342902b.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.16

Affected Versions:

v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.17

Affected Versions:

v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.17

Affected Versions:

v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.17

Affected Versions:

v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.17

Affected Versions:

v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.17

Affected Versions:

v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.18

Affected Versions:

v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.18

Affected Versions:

v4.18.0-202502040032.p0.ge5a4005.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.18

Affected Versions:

v4.18.0-202502041302.p0.g51a74ac.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.18

Affected Versions:

v4.18.0-202501230001.p0.g5348c85.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.18

Affected Versions:

v4.18.0-202502100153.p0.g120ba67.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.18

Affected Versions:

v4.18.0-202502060238.p0.g73d65db.assembly.stream.el9

Red Hat

RHEL-9-CNV-4.15

Affected Versions:

v4.15.5-7

Red Hat

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

github.com/containers/image allows unexpected authenticated registry accesses

GHSA-6wvf-f2vw-3425

Advisory Details

Affected Packages

Go github.com/containers/image

ECOSYSTEM: ≥0 <5.30.1

Go github.com/containers/image/v5

ECOSYSTEM: ≥5.30.0 <5.30.1

Go github.com/containers/image/v5

ECOSYSTEM: ≥0 <5.29.3

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-3727

WEB https://github.com/containers/image/commit/132678b47bae29c710589012668cb85859d88385

WEB https://github.com/containers/image/commit/e8948046055060605bd68289d406ce149590c33a

WEB https://access.redhat.com/errata/RHSA-2024:0045

WEB https://access.redhat.com/errata/RHSA-2024:9098

WEB https://access.redhat.com/errata/RHSA-2024:9102

WEB https://access.redhat.com/errata/RHSA-2024:9960

WEB https://access.redhat.com/security/cve/CVE-2024-3727

WEB https://bugzilla.redhat.com/show_bug.cgi?id=2274767

ADVISORY https://github.com/advisories/GHSA-6wvf-f2vw-3425

PACKAGE https://github.com/containers/image

WEB https://github.com/containers/image/releases/tag/v5.29.3

WEB https://github.com/containers/image/releases/tag/v5.30.1

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN

WEB https://access.redhat.com/errata/RHSA-2024:3718

WEB https://access.redhat.com/errata/RHSA-2024:4159

WEB https://access.redhat.com/errata/RHSA-2024:4613

WEB https://access.redhat.com/errata/RHSA-2024:4850

WEB https://access.redhat.com/errata/RHSA-2024:4960

WEB https://access.redhat.com/errata/RHSA-2024:5258

WEB https://access.redhat.com/errata/RHSA-2024:5951

WEB https://access.redhat.com/errata/RHSA-2024:6054

WEB https://access.redhat.com/errata/RHSA-2024:6122

WEB https://access.redhat.com/errata/RHSA-2024:6708

WEB https://access.redhat.com/errata/RHSA-2024:6818

WEB https://access.redhat.com/errata/RHSA-2024:6824

WEB https://access.redhat.com/errata/RHSA-2024:7164

WEB https://access.redhat.com/errata/RHSA-2024:7174

WEB https://access.redhat.com/errata/RHSA-2024:7182

WEB https://access.redhat.com/errata/RHSA-2024:7187

WEB https://access.redhat.com/errata/RHSA-2024:7922

WEB https://access.redhat.com/errata/RHSA-2024:7941

WEB https://access.redhat.com/errata/RHSA-2024:8260

WEB https://access.redhat.com/errata/RHSA-2024:8425

WEB https://access.redhat.com/errata/RHSA-2024:9097

Advisory provided by GitHub Security Advisory Database. Published: May 14, 2024, Modified: February 25, 2025

References

https://access.redhat.com/errata/RHSA-2024:0045

https://access.redhat.com/errata/RHSA-2024:3718

https://access.redhat.com/errata/RHSA-2024:4159

https://access.redhat.com/errata/RHSA-2024:4613

https://access.redhat.com/errata/RHSA-2024:4850

https://access.redhat.com/errata/RHSA-2024:4960

https://access.redhat.com/errata/RHSA-2024:5258

https://access.redhat.com/errata/RHSA-2024:5951

https://access.redhat.com/errata/RHSA-2024:6054

https://access.redhat.com/errata/RHSA-2024:6122

https://access.redhat.com/errata/RHSA-2024:6708

https://access.redhat.com/errata/RHSA-2024:6818

https://access.redhat.com/errata/RHSA-2024:6824

https://access.redhat.com/errata/RHSA-2024:7164

https://access.redhat.com/errata/RHSA-2024:7174

https://access.redhat.com/errata/RHSA-2024:7182

https://access.redhat.com/errata/RHSA-2024:7187

https://access.redhat.com/errata/RHSA-2024:7922

https://access.redhat.com/errata/RHSA-2024:7941

https://access.redhat.com/errata/RHSA-2024:8260

https://access.redhat.com/errata/RHSA-2024:8425

https://access.redhat.com/errata/RHSA-2024:9097

https://access.redhat.com/errata/RHSA-2024:9098

https://access.redhat.com/errata/RHSA-2024:9102

https://access.redhat.com/errata/RHSA-2024:9960

https://access.redhat.com/security/cve/CVE-2024-3727

https://bugzilla.redhat.com/show_bug.cgi?id=2274767

Published: 2024-05-09T14:57:21.327Z

Last Modified: 2025-06-13T09:54:09.968Z

Copied to clipboard!