VDB
RHSA-2022%3A8827
RHSA-2022%3A8827
PUBLISHED
CVSS 7.400000095367432 HIGH
A flaw was found in the imgcrypt library when checking the keys of an authorized user to access an encrypted image on systems where layers are not available and cannot run on the host architecture. This flaw allows an attacker to run an image without providing the previously decrypted keys.
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:aefb2507e2c8a68ca457c0f208ea2cc24ae52a694c03e2c85ffd172f6673f18d_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:aefb2507e2c8a68ca457c0f208ea2cc24ae52a694c03e2c85ffd172f6673f18d_amd64, advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:aefb2507e2c8a68ca457c0f208ea2cc24ae52a694c03e2c85ffd172f6673f18d_amd64 |
| Red Hat | advanced-cluster-security/rhacs-collector-rhel8@sha256:cc229c86ecb3d1e1b1af479041fa8e940c61e69dbc309c8e66de7945df5cc591_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-collector-rhel8@sha256:cc229c86ecb3d1e1b1af479041fa8e940c61e69dbc309c8e66de7945df5cc591_amd64, advanced-cluster-security/rhacs-collector-rhel8@sha256:cc229c86ecb3d1e1b1af479041fa8e940c61e69dbc309c8e66de7945df5cc591_amd64 |
| Red Hat | advanced-cluster-security/rhacs-main-rhel8@sha256:82d8a9f94f291d6ee6f38668bc13e4830efc5b289754232d6e8a483043771da3_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-main-rhel8@sha256:82d8a9f94f291d6ee6f38668bc13e4830efc5b289754232d6e8a483043771da3_amd64, advanced-cluster-security/rhacs-main-rhel8@sha256:82d8a9f94f291d6ee6f38668bc13e4830efc5b289754232d6e8a483043771da3_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ca1e50768c0c619d56b99d0660bf1885164cc3982136821650479946c904d_amd64 as a component of RHACS 3.73 for RHEL 8 | *, * |
| Red Hat | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7ad85567fea6d1c1b5ca6a360cb1565184df075bad61ffc8ce5ec0595273e733_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7ad85567fea6d1c1b5ca6a360cb1565184df075bad61ffc8ce5ec0595273e733_amd64, advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7ad85567fea6d1c1b5ca6a360cb1565184df075bad61ffc8ce5ec0595273e733_amd64 |
| Red Hat | advanced-cluster-security/rhacs-operator-bundle@sha256:d496a827f223e5464a1b6c87168102df632643e1f8348a8abb1a5e9e226f00d2_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-operator-bundle@sha256:d496a827f223e5464a1b6c87168102df632643e1f8348a8abb1a5e9e226f00d2_amd64, advanced-cluster-security/rhacs-operator-bundle@sha256:d496a827f223e5464a1b6c87168102df632643e1f8348a8abb1a5e9e226f00d2_amd64 |
| Red Hat | advanced-cluster-security/rhacs-central-db-rhel8@sha256:83b7562687545ba41fedd5f5d6ed5403fe7a3a5cac3110e711cbe46dad2d26fd_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-central-db-rhel8@sha256:83b7562687545ba41fedd5f5d6ed5403fe7a3a5cac3110e711cbe46dad2d26fd_amd64, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:38b7030affee05fd8cd8e947b89ff8b40962af45267e2ec0143f827c8e33eca3_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:38b7030affee05fd8cd8e947b89ff8b40962af45267e2ec0143f827c8e33eca3_amd64, advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:38b7030affee05fd8cd8e947b89ff8b40962af45267e2ec0143f827c8e33eca3_amd64 |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:1ef51b3cd89d4da166d8b9e1582fa7c0fc5415e0eb2f2c8ab18ec704d2bd74d8_amd64 as a component of RHACS 3.73 for RHEL 8 | *, advanced-cluster-security/rhacs-rhel8-operator@sha256:1ef51b3cd89d4da166d8b9e1582fa7c0fc5415e0eb2f2c8ab18ec704d2bd74d8_amd64 |
| Red Hat | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61f027ae531f3e23f2394e7f93c397eda14ce1ad93e8c19d463cd301464147b5_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61f027ae531f3e23f2394e7f93c397eda14ce1ad93e8c19d463cd301464147b5_amd64, advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61f027ae531f3e23f2394e7f93c397eda14ce1ad93e8c19d463cd301464147b5_amd64 |
| Red Hat | advanced-cluster-security/rhacs-docs-rhel8@sha256:87bf4d7e041d6e3197b1c23c58061f877434f6e550ddf516b6512be5309f89c3_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-docs-rhel8@sha256:87bf4d7e041d6e3197b1c23c58061f877434f6e550ddf516b6512be5309f89c3_amd64, advanced-cluster-security/rhacs-docs-rhel8@sha256:87bf4d7e041d6e3197b1c23c58061f877434f6e550ddf516b6512be5309f89c3_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2dd59fe0134c5d2f239d6f96d6876ac687e0490e52ab41647842e3244623480c_amd64 as a component of RHACS 3.73 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2dd59fe0134c5d2f239d6f96d6876ac687e0490e52ab41647842e3244623480c_amd64, advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2dd59fe0134c5d2f239d6f96d6876ac687e0490e52ab41647842e3244623480c_amd64 |
Timeline
- Dec 6, 2022 CVE Published
- May 1, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2022:8827 advisory
- https://access.redhat.com/security/updates/classification/#low advisory
- https://docs.openshift.com/acs/3.73/release_notes/373-release-notes.html advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2069368 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2128820 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8827.json advisory
- https://access.redhat.com/security/cve/CVE-2022-24778 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-24778 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-24778 advisory
- https://github.com/containerd/imgcrypt/security/advisories/GHSA-8v99-48m9-c8pm advisory
- https://access.redhat.com/security/cve/CVE-2022-36056 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-36056 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-36056 advisory
- https://github.com/sigstore/cosign/security/advisories/GHSA-8gw7-4j42-w388 advisory