HIGH SeverityCVSS 3.18.3CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVE-2024-3727

Last updated Feb 27, 2026 · Published May 09, 2024

Description

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Affected products

1 listed

Red Hat:Multicluster Engine for Kubernetes; Red Hat:OADP-1.3-RHEL-9; Red Hat:OpenShift Developer Tools and Services; Red Hat:OpenShift Serverless; Red Hat:OpenShift Source-to-Image (S2I); Red Hat:RHEL-9-CNV-4.15; Red Hat:Red Hat Advanced Cluster Management for Kubernetes 2; Red Hat:Red Hat Advanced Cluster Security 3; Red Hat:Red Hat Advanced Cluster Security 4.4; Red Hat:Red Hat Advanced Cluster Security 4.5; Red Hat:Red Hat Ansible Automation Platform 1.2; Red Hat:Red Hat Ansible Automation Platform 2; Red Hat:Red Hat Enterprise Linux 10; Red Hat:Red Hat Enterprise Linux 7; Red Hat:Red Hat Enterprise Linux 8; Red Hat:Red Hat Enterprise Linux 9; Red Hat:Red Hat Migration Toolkit for Containers 1.8; Red Hat:Red Hat OpenShift Container Platform 3.11; Red Hat:Red Hat OpenShift Container Platform 4; Red Hat:Red Hat OpenShift Container Platform 4.13; Red Hat:Red Hat OpenShift Container Platform 4.14; Red Hat:Red Hat OpenShift Container Platform 4.15; Red Hat:Red Hat OpenShift Container Platform 4.16; Red Hat:Red Hat OpenShift Container Platform 4.17; Red Hat:Red Hat OpenShift Container Platform 4.18; Red Hat:Red Hat OpenShift Container Platform Assisted Installer 1; Red Hat:Red Hat OpenShift Dev Spaces; Red Hat:Red Hat OpenShift Virtualization 4; Red Hat:Red Hat OpenStack Platform 16.2; Red Hat:Red Hat Openshift Sandboxed Containers; Red Hat:Red Hat Quay 3

Mappings

CWE

CWE-354

CAPEC

None listed.