#VU64699 Incorrect authorization in imgcrypt - CVE-2022-24778
Published: June 27, 2022 / Updated: June 28, 2022
Vulnerability identifier: #VU64699
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-24778
CWE-ID: CWE-863
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
imgcrypt
imgcrypt
Software vendor:
containerd
containerd
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists in imgcrypt library when checking the keys of an authorized user to access an encrypted image on systems where layers are not available and cannot run on the host architecture. A remote attacker can run an image without providing the previously decrypted keys and gain access to sensitive information.
Remediation
Install updates from vendor's website.