Published: 25/03/2022 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current used is authorized to access an encrypted image and prevent the user from running an image that another user previously decrypted on the same system. In versions before 1.1.4, a failure occurs when an image with a ManifestList is used and the architecture of the local host is not the first one in the ManifestList. Only the first architecture in the list was tested, which may not have its layers available locally since it could not be run on the host architecture. Therefore, the verdict on unavailable layers was that the image could be run anticipating that image run failure would occur later due to the layers not being available. However, this verdict to allow the image to run enabled other architectures in the ManifestList to run an image without providing keys if that image had previously been decrypted. A patch has been applied to imgcrypt 1.1.4. Workarounds may include usage of different namespaces for each remote user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linuxfoundation imgcrypt
fedoraproject fedora 34
fedoraproject fedora 35
fedoraproject fedora 36

Several security issues were fixed in containerd ...

Synopsis Low: RHACS 373 enhancement and security update Type/Severity Security Advisory: Low Topic Updated images are now available for Red Hat Advanced Cluster Security (RHACS) The updated image includes new features and bug fixesRed Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scor ...

Synopsis Important: Red Hat Advanced Cluster Management 25 security updates, images, and bug fixes Type/Severity Security Advisory: Important Topic Red Hat Advanced Cluster Management for Kubernetes 250 is now generally availableRed Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability ...

Synopsis Moderate: Red Hat Advanced Cluster Management 243 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 243 General Availability release images This update provides security fixes, bug fixes, and updates the container imagesRed Hat Product Security has ...

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images The imgcrypt function `CheckAuthorization` is supposed to check whether the current used is authorized to access an encrypted image and prevent ...

CWE-863 https://github.com/containerd/imgcrypt/releases/tag/v1.1.4 https://github.com/containerd/imgcrypt/security/advisories/GHSA-8v99-48m9-c8pm https://github.com/containerd/imgcrypt/issues/69 https://github.com/containerd/imgcrypt/commit/6fdd9818a4d8142107b7ecd767d839c9707700d9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFTJR5CR5EOYDVOSBZEMLBHLJRTPJPUA/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAHAAOOA3KZJC2I5WHCR3XVBJBNWTWUE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4SJUNSC7YZLA745EMKWK2GKEV57GE52K/https://ubuntu.com/security/notices/USN-5776-1 https://nvd.nist.gov

CVE-2022-24778

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect