CVERadar

CVE-2024-35192

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00034/1

CVE-2024-35192: Trivy, a security scanner, is vulnerable to credential leakage when scanning container images from a malicious registry. If triggered by a malicious actor, Trivy versions prior to 0.51.2 could leak credentials for legitimate registries like AWS ECR, Google Cloud, or Azure Container Registry. These leaked tokens can be used to push/pull images, posing a significant security risk. The SVRS score of 30 indicates a moderate level of risk. While not critical, this vulnerability could still be exploited if Trivy is pointed at a crafted malicious registry. Users should update to Trivy version 0.51.2 to mitigate this risk. This is significant as it could lead to unauthorized access and manipulation of container images.

In The Wild
2024-05-20
2024-05-21

SOCRadar AI Insight

Description

CVE-2024-35192 is a vulnerability in Trivy, a security scanner. It allows malicious actors to trigger Trivy to scan container images from a crafted malicious registry, resulting in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull images from those registries to which the identity/user running Trivy has access.

Key Insights

  • The SVRS of 30 indicates a moderate risk, highlighting the need for attention and monitoring.
  • This vulnerability can lead to the compromise of sensitive credentials, potentially allowing attackers to gain access to and manipulate container images.
  • The vulnerability only affects systems where the default credential provider chain can obtain valid credentials.
  • Active exploits have not been published, but the vulnerability is actively exploited in the wild.

Mitigation Strategies

  • Update Trivy to version 0.51.2 or later.
  • Review and restrict access to container registries.
  • Implement strong credential management practices.
  • Monitor for suspicious activity and unauthorized access to container registries.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-35192 | aquasecurity trivy up to 0.51.1 Scan insufficiently protected credentials (GHSA-xcq4-m2r3-cmrj)
vuldb.com, 2024-05-21
A vulnerability, which was classified as problematic, has been found in aquasecurity trivy up to 0.51.1. This issue affects some unknown processing of the component Scan Handler. The manipulation leads to insufficiently protected credentials. The identification of this vulnerability is CVE-2024-35192. Attacking locally is a requirement

Social Media

CVE-2024-35192 Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials ... https://t.co/Onc2QS3sQG

CVE-2024-35192 Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could resul… https://t.co/SrlSbs3kE2

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/aquasecurity/trivy/commit/e7f14f729de259551203f313e57d2d9d3aa2ff87
[email protected] | https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj

CWE Details

CWE ID | CWE Name | Description
CWE-522 | Insufficiently Protected Credentials | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.
