containerd / nri

Node Resource Interface
Apache License 2.0

CVE-2022-24778: imgcrypt <1.1.4 #18

Closed kaovilai closed 1 year ago

kaovilai commented 1 year ago

https://nvd.nist.gov/vuln/detail/CVE-2022-24778

~/git/nri main
❯ go mod graph | grep imgcrypt@v1.0
github.com/containerd/containerd@v1.5.0-beta.3 github.com/containerd/imgcrypt@v1.0.4-0.20210301171431-0ae5c75f59ba

kaovilai commented 1 year ago

Ignore. CheckAuthorization() is not referenced.

https://github.com/containerd/imgcrypt/blob/f888c8146fcb0aede3d8290ab538b0953097a62c/images/encryption/encryption.go#L491-L503
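
The `go mod graph | grep` check from the first comment, generalized to compare versions rather than match the `v1.0` prefix (an added example, not code from the nri or imgcrypt projects): it lists every graph edge that requires imgcrypt below the 1.1.4 named in the issue title. The `example.com/app` edges and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed `go mod graph` sample; only the first edge is taken from the issue.
const sampleGraph = `github.com/containerd/containerd@v1.5.0-beta.3 github.com/containerd/imgcrypt@v1.0.4-0.20210301171431-0ae5c75f59ba
example.com/app@v0.1.0 github.com/containerd/imgcrypt@v1.1.4
example.com/app@v0.1.0 github.com/containerd/imgcrypt@v1.1.4-rc1
example.com/app@v0.1.0 github.com/pkg/errors@v0.9.1`

// below reports whether version v precedes the fixed release (major, minor, patch).
func below(v string, fixed [3]int) bool {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop build metadata
	core, _, pre := strings.Cut(v, "-")                    // suffix = pre-release or pseudo-version
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return true // unparseable: flag for manual review
	}
	for i, p := range parts {
		if n, err := strconv.Atoi(p); err != nil || n != fixed[i] {
			return err != nil || n < fixed[i]
		}
	}
	return pre // same core with a suffix sorts before the release
}

// affectedEdges lists graph edges that require module below the fixed version.
func affectedEdges(graph, module string, fixed [3]int) []string {
	var hits []string
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			if name, ver, _ := strings.Cut(f[1], "@"); name == module && below(ver, fixed) {
				hits = append(hits, f[0]+" -> "+f[1])
			}
		}
	}
	return hits
}

func main() {
	for _, e := range affectedEdges(sampleGraph, "github.com/containerd/imgcrypt", [3]int{1, 1, 4}) {
		fmt.Println(e)
	}
}
```

`go mod graph` prints every requirement edge rather than the version finally selected, so a hit means an affected version is requested somewhere in the graph; `go list -m github.com/containerd/imgcrypt` shows the version the build actually uses.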