{"containers": {"cna": {"affected": [{"product": "quay/claircore", "vendor": "n/a", "versions": [{"status": "affected", "version": "Affects v0.4.6 and higher, v0.5.3 and higher | Fixedin claircore v0.4.8, v0.5.5."}]}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-03T21:41:19", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000795"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/quay/claircore/pull/478"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/quay/clair/pull/1379"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/quay/clair/pull/1380"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821"}, {"tags": ["x_refsource_MISC"], "url": "https://vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=d19fce9ede06e13dfb5630ece7f14f83"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3762", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "quay/claircore", "version": {"version_data": [{"version_value": "Affects v0.4.6 and higher, v0.5.3 and higher | Fixedin claircore v0.4.8, v0.5.5."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2000795", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000795"}, {"name": "https://github.com/quay/claircore/pull/478", "refsource": "MISC", "url": "https://github.com/quay/claircore/pull/478"}, {"name": "https://github.com/quay/clair/pull/1379", "refsource": "MISC", "url": "https://github.com/quay/clair/pull/1379"}, {"name": "https://github.com/quay/clair/pull/1380", "refsource": "MISC", "url": "https://github.com/quay/clair/pull/1380"}, {"name": "https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821", "refsource": "MISC", "url": "https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821"}, {"name": "https://vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=d19fce9ede06e13dfb5630ece7f14f83", "refsource": "MISC", "url": "https://vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=d19fce9ede06e13dfb5630ece7f14f83"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:09:08.890Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000795"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/quay/claircore/pull/478"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/quay/clair/pull/1379"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/quay/clair/pull/1380"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=d19fce9ede06e13dfb5630ece7f14f83"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3762", "datePublished": "2022-03-03T21:41:19", "dateReserved": "2021-09-03T00:00:00", "dateUpdated": "2024-08-03T17:09:08.890Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:clair:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC3746AC-E2FF-414F-8707-CE382C70441B", "versionEndExcluding": "0.4.8", "versionStartIncluding": "0.4.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:clair:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6A00809-457A-4305-94EF-7E523A8B1691", "versionEndExcluding": "0.5.5", "versionStartIncluding": "0.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:quay:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "414D3D0A-77F7-4D92-88D6-647F293A86B4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de salto de directorio en el motor ClairCore de Clair. Un atacante puede explotar esto al suministrar una imagen de contenedor dise\u00f1ada que, cuando es escaneada por Clair, permite una escritura de archivos arbitrarios en el sistema de archivos, permitiendo potencialmente una ejecuci\u00f3n de c\u00f3digo remota"}], "id": "CVE-2021-3762", "lastModified": "2024-11-21T06:22:21.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-03T22:15:08.467", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000795"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/quay/clair/pull/1379"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/quay/clair/pull/1380"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/quay/claircore/pull/478"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=d19fce9ede06e13dfb5630ece7f14f83"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000795"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/quay/clair/pull/1379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/quay/clair/pull/1380"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/quay/claircore/pull/478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=d19fce9ede06e13dfb5630ece7f14f83"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Yanir Tsarimi (Orca Security) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:3665", "cpe": "cpe:/a:redhat:quay:3::el8", "impact": "important", "package": "quay/clair-rhel8:v3.5.7-8", "product_name": "Red Hat Quay 3", "release_date": "2021-09-28T00:00:00Z"}], "bugzilla": {"description": "quay/claircore: directory traversal when scanning crafted container image layer allows for arbitrary file write", "id": "2000795", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000795"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-22", "details": ["A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.", "A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-3762", "public_date": "2021-09-28T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3762\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3762"], "statement": "Only a single version of Red Hat Quay, 3.5.6 is affected by this vulnerability. All previous released versions of Red Hat Quay are not affected by this vulnerability.\nThe overall vulnerability is rated as Critical for the ClairCore engine, but only rated Important for the Red Hat Quay product. In Red Hat Quay, Clair runs as the 'nobody' user in an unprivileged container, limiting the impact to modification of non-sensitives files in that container.\nRed Hat Advanced Cluster Security is not affected by this vulnerability.\nQuay.io is not affected by this vulnerability.", "threat_severity": "Critical"}

{}