CVE-2021-3762

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.

Published: Mar 3, 2022
Updated: May 9, 2024
CVE: CVE-2021-3762
GHSA: GHSA-mq47-6wwv-v79w
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
redhat / clair	0.4.6	0.4.8
redhat / clair	0.5.3	0.5.5
redhat / quay	3.5.6	3.5.6.x
github.com/quay/claircore	-	0.4.8
github.com/quay/claircore	1.0.0	1.1.0
github.com/quay/claircore	0.5.0	0.5.5

https://bugzilla.redhat.com/show_bug.cgi?id=2000795
https://github.com/quay/clair/pull/1379
https://github.com/quay/clair/pull/1380
https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821
https://github.com/quay/claircore/commit/dff671c665141f126c072de8a744855d4916c9c7
https://github.com/quay/claircore/commit/ed5f52aec1c82746725e9cc23e98316eab8be25a
https://github.com/quay/claircore/commits/v0.4.8
https://github.com/quay/claircore/commits/v0.5.5
https://github.com/quay/claircore/commits/v1.1.0
https://github.com/quay/claircore/pull/478
https://pkg.go.dev/vuln/GO-2022-0346
https://vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=d19fce9ede06e13dfb5630ece7f14f83

Vulnerability Database

289,598

CVE-2021-3762