VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-vsk2-k3mh-aaah

Essentials
Severities (129)
References (49)
Severity details (32)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-vsk2-k3mh-aaah
Aliases	CVE-2021-41190 GHSA-mc8v-mgrf-8f4m
Summary	The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields if they are unable to update to version 1.0.1 of the spec.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

System	Score	Found at
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0055
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:0687
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:1476
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:1734
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:4668
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:4880
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4956
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5069
cvssv3	5.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41190.json
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00224	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2021-41190
rhbs	low	https://bugzilla.redhat.com/show_bug.cgi?id=2024938
cvssv3.1	5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	3.0	https://github.com/opencontainers/distribution-spec
generic_textual	LOW	https://github.com/opencontainers/distribution-spec
cvssv3.1	3.0	https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923
generic_textual	LOW	https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923
cvssv3.1	3.0	https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
generic_textual	LOW	https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
cvssv3.1	3.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX
generic_textual	LOW	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX
cvssv3.1	3.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN
generic_textual	LOW	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN
cvssv3.1	3.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML
generic_textual	LOW	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML
cvssv3.1	3.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27
generic_textual	LOW	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27
cvssv3.1	3.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM
generic_textual	LOW	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM
cvssv3.1	3.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4
generic_textual	LOW	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4
cvssv3.1	3.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV
generic_textual	LOW	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV
cvssv3.1	3.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX
generic_textual	LOW	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX
cvssv2	4.0	https://nvd.nist.gov/vuln/detail/CVE-2021-41190
cvssv3	5.0	https://nvd.nist.gov/vuln/detail/CVE-2021-41190
cvssv3.1	5.0	https://nvd.nist.gov/vuln/detail/CVE-2021-41190
archlinux	Medium	https://security.archlinux.org/AVG-2573
archlinux	Medium	https://security.archlinux.org/AVG-2574
archlinux	Medium	https://security.archlinux.org/AVG-2591
cvssv3.1	3.0	http://www.openwall.com/lists/oss-security/2021/11/19/10
generic_textual	LOW	http://www.openwall.com/lists/oss-security/2021/11/19/10

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41190.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-41190
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/opencontainers/distribution-spec
		https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923
		https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX/
		http://www.openwall.com/lists/oss-security/2021/11/19/10
2024938		https://bugzilla.redhat.com/show_bug.cgi?id=2024938
AVG-2573		https://security.archlinux.org/AVG-2573
AVG-2574		https://security.archlinux.org/AVG-2574
AVG-2591		https://security.archlinux.org/AVG-2591
cpe:2.3:a:linuxfoundation:open_container_initiative_distribution_specification::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:open_container_initiative_distribution_specification::::::::
cpe:2.3:a:linuxfoundation:open_container_initiative_image_format_specification::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:open_container_initiative_image_format_specification::::::::
cpe:2.3:o:fedoraproject:fedora:34:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
CVE-2021-41190		https://nvd.nist.gov/vuln/detail/CVE-2021-41190
RHSA-2022:0055		https://access.redhat.com/errata/RHSA-2022:0055
RHSA-2022:0687		https://access.redhat.com/errata/RHSA-2022:0687
RHSA-2022:1476		https://access.redhat.com/errata/RHSA-2022:1476
RHSA-2022:1734		https://access.redhat.com/errata/RHSA-2022:1734
RHSA-2022:4668		https://access.redhat.com/errata/RHSA-2022:4668
RHSA-2022:4880		https://access.redhat.com/errata/RHSA-2022:4880
RHSA-2022:4956		https://access.redhat.com/errata/RHSA-2022:4956
RHSA-2022:5069		https://access.redhat.com/errata/RHSA-2022:5069
RHSA-2022:7457		https://access.redhat.com/errata/RHSA-2022:7457

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41190.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://github.com/opencontainers/distribution-spec

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-41190

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-41190

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-41190

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at http://www.openwall.com/lists/oss-security/2021/11/19/10

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.42451
EPSS Score	0.00101
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.