Published: 03/03/2022 Updated: 30/01/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat clair
redhat quay 3.5.6

A directory traversal vulnerability was found in the ClairCore engine of Clair An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution ...

CWE-22 https://bugzilla.redhat.com/show_bug.cgi?id=2000795 https://github.com/quay/clair/pull/1380 https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821 https://github.com/quay/claircore/pull/478 https://vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=d19fce9ede06e13dfb5630ece7f14f83 https://github.com/quay/clair/pull/1379 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2021-3762

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-3762

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect