malcontent's OCI image scanning could expose registry credentials
Description
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses google/go-containerregistry for OCI image pulls, which by default uses the Docker credential keychain. A malicious registry could return a WWW-Authenticate header redirecting token authentication to an attacker-controlled endpoint, causing credentials to be sent to that endpoint. Version 1.20.3 fixes the issue by defaulting to anonymous auth for OCI pulls.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/chainguard-dev/malcontentGo | >= 0.10.0, < 1.20.3 | 1.20.3 |
Affected products
3- Range: v0.10.0, v0.11.0, v0.12.0, …
- ghsa-coords2 versionspkg:golang/github.com/chainguard-dev/malcontentpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
>= 0.10.0, < 1.20.3+ 1 more
- (no CPE)range: >= 0.10.0, < 1.20.3
- (no CPE)range: < 0.0.20260226T182644-150000.1.149.1
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-9m43-p3cx-w8j5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-24845ghsaADVISORY
- github.com/chainguard-dev/malcontent/commit/538ed00cdc639d687a4bd1e843a2be0428a3b3e7ghsax_refsource_MISCWEB
- github.com/chainguard-dev/malcontent/security/advisories/GHSA-9m43-p3cx-w8j5ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.