CVE-2024-3727

Published: May 10, 2024Last modified: September 30, 2025

Description

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Severity score breakdown

Parameter	Value
Base score	8.3
Attack Vector	NETWORK
Attack complexity	HIGH
Privileges required	NONE
User interaction	REQUIRED
Scope	CHANGED
Confidentiality	HIGH
Integrity impact	HIGH
Availability impact	HIGH
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	buildah	Fixed (1.37.5-r0)
		podman	Fixed (5.2.5-r0)
		skopeo	Unknown (1.10.0-r2)
	Stream	buildah	Fixed (1.35.4-r0)
		podman	Fixed (5.0.3-r0)
		skopeo	Fixed (1.15.1-r0)

References

https://access.redhat.com/errata/RHSA-2024:0045
https://access.redhat.com/errata/RHSA-2024:3718
https://access.redhat.com/errata/RHSA-2024:4159
https://access.redhat.com/errata/RHSA-2024:4613
https://access.redhat.com/errata/RHSA-2024:4850
https://access.redhat.com/errata/RHSA-2024:4960
https://access.redhat.com/errata/RHSA-2024:5258
https://access.redhat.com/errata/RHSA-2024:5951
https://access.redhat.com/errata/RHSA-2024:6054
https://access.redhat.com/errata/RHSA-2024:6122
https://access.redhat.com/errata/RHSA-2024:6708
https://access.redhat.com/errata/RHSA-2024:6818
https://access.redhat.com/errata/RHSA-2024:6824
https://access.redhat.com/errata/RHSA-2024:7164
https://access.redhat.com/errata/RHSA-2024:7174
https://access.redhat.com/errata/RHSA-2024:7182
https://access.redhat.com/errata/RHSA-2024:7187
https://access.redhat.com/errata/RHSA-2024:7922
https://access.redhat.com/errata/RHSA-2024:7941
https://access.redhat.com/errata/RHSA-2024:8260
https://access.redhat.com/errata/RHSA-2024:8425
https://access.redhat.com/errata/RHSA-2024:9097
https://access.redhat.com/errata/RHSA-2024:9098
https://access.redhat.com/errata/RHSA-2024:9102
https://access.redhat.com/errata/RHSA-2024:9960
https://access.redhat.com/security/cve/CVE-2024-3727
https://bugzilla.redhat.com/show_bug.cgi?id=2274767
https://lists.fedoraproject.org/archives/list/[email protected]/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/
https://lists.fedoraproject.org/archives/list/[email protected]/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/
https://lists.fedoraproject.org/archives/list/[email protected]/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/
https://lists.fedoraproject.org/archives/list/[email protected]/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/
https://lists.fedoraproject.org/archives/list/[email protected]/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/
https://lists.fedoraproject.org/archives/list/[email protected]/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/
https://lists.fedoraproject.org/archives/list/[email protected]/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/

Download Alpaquita Linux

Download Liberica JDK

Download Liberica Native Image Kit

Alpaquita Cloud
Native Platform

Pricing

Alpaquita

Containers for Spring Boot

Liberica JDK

Liberica JDK 6&7

Liberica JDK for Embedded

Liberica JDK
Performance Edition

Liberica JDK with CRaC

Liberica Native Image Kit

Liberica Mission Control

Liberica Administration Center

Blog

Documentation

Content Library

Support for Liberica JDK

Support for Alpaquita Linux

Support for Liberica Native Image Kit

Company

Newsroom

Careers

CVE-2024-3727

Description

Severity score breakdown

Status

References

Download Alpaquita Linux

Download Liberica JDK

Download Liberica Native Image Kit

Alpaquita Cloud Native Platform

Pricing

Alpaquita

Containers for Spring Boot

Liberica JDK

Liberica JDK 6&7

Liberica JDK for Embedded

Liberica JDKPerformance Edition

Liberica JDK with CRaC

Liberica Native Image Kit

Liberica Mission Control

Liberica Administration Center

Blog

Documentation

Content Library

Support for Liberica JDK

Support for Alpaquita Linux

Support for Liberica Native Image Kit

Company

Newsroom

Careers

CVE-2024-3727

Description

Severity score breakdown

Status

References

Alpaquita Cloud
Native Platform

Liberica JDK
Performance Edition