{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35192", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-10T14:24:24.342Z", "datePublished": "2024-05-20T20:36:56.695Z", "dateUpdated": "2024-08-02T03:07:47.025Z"}, "containers": {"cna": {"title": "Trivy possibly leaks registry credential when scanning images from malicious registries", "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "lang": "en", "description": "CWE-522: Insufficiently Protected Credentials", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj"}, {"name": "https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87", "tags": ["x_refsource_MISC"], "url": "https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87"}], "affected": [{"vendor": "aquasecurity", "product": "trivy", "versions": [{"version": "< 0.51.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-20T20:36:56.695Z"}, "descriptions": [{"lang": "en", "value": "Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull images from those registries to which the identity/user running Trivy has access. Systems are not affected if the default credential provider chain is unable to obtain valid credentials. This vulnerability only applies when scanning container images directly from a registry. This vulnerability is fixed in 0.51.2."}], "source": {"advisory": "GHSA-xcq4-m2r3-cmrj", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35192", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T17:56:05.243388Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:34:16.475Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:07:47.025Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj"}, {"name": "https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj", "name": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87", "name": "https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:07:47.025Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35192", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T17:56:05.243388Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-21T17:56:11.443Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Trivy possibly leaks registry credential when scanning images from malicious registries", "source": {"advisory": "GHSA-xcq4-m2r3-cmrj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "aquasecurity", "product": "trivy", "versions": [{"status": "affected", "version": "< 0.51.2"}]}], "references": [{"url": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj", "name": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87", "name": "https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull images from those registries to which the identity/user running Trivy has access. Systems are not affected if the default credential provider chain is unable to obtain valid credentials. This vulnerability only applies when scanning container images directly from a registry. This vulnerability is fixed in 0.51.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-20T20:36:56.695Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35192", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:07:47.025Z", "dateReserved": "2024-05-10T14:24:24.342Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-20T20:36:56.695Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull images from those registries to which the identity/user running Trivy has access. Systems are not affected if the default credential provider chain is unable to obtain valid credentials. This vulnerability only applies when scanning container images directly from a registry. This vulnerability is fixed in 0.51.2."}, {"lang": "es", "value": "Trivy es un esc\u00e1ner de seguridad. Antes de la versi\u00f3n 0.51.2, si un actor malicioso puede activar Trivy para escanear im\u00e1genes de contenedores desde un registro malicioso manipulado, podr\u00eda resultar en la fuga de credenciales para registros leg\u00edtimos como AWS Elastic Container Registry (ECR), Google Cloud Artifact/ Registro de contenedores o Registro de contenedores de Azure (ACR). Estos tokens se pueden usar para enviar/extraer im\u00e1genes de aquellos registros a los que tiene acceso la identidad/usuario que ejecuta Trivy. Los sistemas no se ven afectados si la cadena de proveedores de credenciales predeterminada no puede obtener credenciales v\u00e1lidas. Esta vulnerabilidad solo se aplica al escanear im\u00e1genes de contenedores directamente desde un registro. Esta vulnerabilidad se solucion\u00f3 en 0.51.2."}], "id": "CVE-2024-35192", "lastModified": "2024-11-21T09:19:54.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-20T21:15:09.550", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87"}, {"source": "security-advisories@github.com", "url": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}