<p>Upgrade <code>Centos:8</code> <code>skopeo-tests</code> to version 2:1.14.5-3.module+el8.10.0+22202+761b9a65 or higher.</p>

Improper Validation of Integrity Check Value Affecting skopeo-tests package, versions <2:1.14.5-3.module+el8.10.0+22202+761b9a65

Threat Intelligence

0.05% (19^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-CENTOS8-SKOPEOTESTS-6833700
published 10 May 2024
disclosed 9 May 2024

Report a new vulnerability Found a mistake?

Introduced: 9 May 2024

CVE-2024-3727 Open this link in a new tab CWE-354 Open this link in a new tab

How to fix?

Upgrade Centos:8 skopeo-tests to version 2:1.14.5-3.module+el8.10.0+22202+761b9a65 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream skopeo-tests package and not the skopeo-tests package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

High
Privileges Required (PR)

None
User Interaction (UI)

Required

Scope (S)

Changed

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

High

Improper Validation of Integrity Check Value Affecting skopeo-tests package, versions <2:1.14.5-3.module+el8.10.0+22202+761b9a65

Severity

Based on CentOS security rating