CGA-9cch-qj76-7mr9

Published

Last updated

Package

gpu-operator

Latest Update

Fixed

Fixed Version

24.6.0-r1

Aliases

Severity

5.2

Medium

CVSS V3

In regclient, pinned manifest digests may be ignored

A malicious registry could return a different digest for a pinned manifest without detection.

This has been fixed in the v0.7.1 release.

After running a regclient.ManifestGet, the returned digest can be compared to the requested digest.

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.