Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Distribution has stale blob access resurrection via repo-scoped redis descriptor cache invalidation
Vulnerability Description
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get from repo b repopulates the shared descriptor and makes the deleted blob readable from repo a again. This vulnerability is fixed in 3.1.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Distribution 访问控制错误漏洞
Vulnerability Description
Distribution是Distribution开源的用于打包、运输、存储和交付内容的工具集。 Distribution 3.1.0之前版本存在访问控制错误漏洞,该漏洞源于在特定配置下删除操作后可能恢复存储库的读取访问权限。
CVSS Information
N/A
Vulnerability Type
N/A