SB2021092914 - Path traversal in ClairCore for Quay


Published: September 29, 2021

Security Bulletin ID: SB2021092914
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity: Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Path traversal (CVE-ID: CVE-2021-3762)

The vulnerability allows a remote attacker to write arbitrary files to the system.

The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote attacker can supply a specially crafted container image which, when scanned by Clair, allows the attacker to write arbitrary files on the filesystem.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
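
The check an image scanner needs before unpacking layer contents, as an added example (not ClairCore's code and not the vendor's patch): every tar entry name and symlink target is resolved against the extraction root and rejected if it lands outside. The function names, the `/tmp/scan` root and the three-entry layer are constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// inside reports whether name, joined to root and cleaned, stays under root.
func inside(root, name string) bool {
	rel, err := filepath.Rel(root, filepath.Join(root, name))
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// auditLayer returns the entries whose name or symlink target would resolve outside root.
func auditLayer(r io.Reader, root string) ([]string, error) {
	var rejected []string
	tr := tar.NewReader(r)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		// Go may flag non-local names itself (ErrInsecurePath); still judge the header here.
		if err != nil && !errors.Is(err, tar.ErrInsecurePath) {
			return rejected, err
		}
		ok := inside(root, hdr.Name)
		if hdr.Typeflag == tar.TypeSymlink { // target resolves from the link's own directory
			ok = ok && !filepath.IsAbs(hdr.Linkname) && inside(root, filepath.Join(filepath.Dir(hdr.Name), hdr.Linkname))
		}
		if !ok {
			rejected = append(rejected, hdr.Name)
		}
	}
	return rejected, nil
}

// sampleLayer builds a constructed three-entry layer in memory.
func sampleLayer() *bytes.Buffer {
	buf := new(bytes.Buffer)
	tw := tar.NewWriter(buf)
	tw.WriteHeader(&tar.Header{Name: "var/lib/rpm/Packages", Mode: 0o644})
	tw.WriteHeader(&tar.Header{Name: "../../tmp/outside", Mode: 0o644})
	tw.WriteHeader(&tar.Header{Name: "var/lib/link", Typeflag: tar.TypeSymlink, Linkname: "../../../etc"})
	tw.Close()
	return buf
}

func main() { fmt.Println(auditLayer(sampleLayer(), "/tmp/scan")) }
```

Rejecting absolute symlink targets is a conservative choice for a scanner that extracts to a scratch directory; an extractor that later follows links on disk also has to make sure no parent directory of the target path is itself a symlink.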


Remediation

Install the update from the vendor's website.