Severity: Medium | Published: 2024-05-20 | CVSS 5.5 | CVE-2024-35192 (2024-05-20) | Tags: trivy, credentials, container, registry

Trivy Registry Credential Leakage When Scanning Malicious Registries

A credential exposure flaw in Trivy allows attackers to extract legitimate cloud registry credentials when Trivy is tricked into scanning images from a malicious registry.

Context

Trivy transmits authentication credentials when scanning container images directly from a registry. A flaw referenced as CVE-2024-35192 (GHSA-xcq4-m2r3-cmrj, CWE-522) allows an attacker-controlled registry to intercept those credentials.

Vulnerability

When Trivy scans container images directly from a registry, it sends its authentication credentials to that registry, so an attacker who controls the registry can capture them. The attack proceeds as follows:

  1. Setting up a crafted malicious container registry.
  2. Inducing the target to scan an image hosted there (e.g., via a pull request that references the malicious image).

If the target system has valid cloud credentials accessible via default credential provider chains, those credentials are leaked:

  • AWS: environment variables, EKS/IRSA role assumptions
  • GCP: Application Default Credentials
  • Azure: managed identity credentials

Impact

  • Compromised credentials could allow the attacker to push or pull images from the victim's legitimate registries (AWS ECR, GCP Artifact/Container Registry, Azure ACR).
  • The flaw only affects scanning images directly from registries; scanning locally pulled images through Docker or containerd is not affected.

Remediation

  1. Upgrade to Trivy v0.51.2 or later, which fixes the credential handling.
  2. Restrict image scanning to trusted registries only.
  3. Use the --image-src flag to enforce scanning from trusted sources.
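As an added example that is not part of this advisory or the Trivy project, the POSIX shell wrapper below applies remediation steps 2 and 3 together: it derives the registry host from an image reference the way the Docker reference grammar does, and only invokes trivy with --image-src remote when that host is on an allowlist. The allowlist entries (account id, region, project names) are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the advisory or the Trivy project): gate remote scans
# behind an allowlist of registry hosts, so Trivy only ever presents registry
# credentials to registries we control.

# Space-separated allowlist; these hosts are constructed placeholders.
TRUSTED_REGISTRIES="${TRUSTED_REGISTRIES:-123456789012.dkr.ecr.us-east-1.amazonaws.com europe-docker.pkg.dev myteam.azurecr.io}"

# Print the registry host of an image reference. Rule: the first path component
# is a host only if it contains '.' or ':' or is exactly "localhost"; a reference
# with no path component (e.g. "nginx:1.25") lives on docker.io.
registry_host() {
    ref=${1%%@*}              # drop any @sha256:... digest
    case "$ref" in
        */*) first=${ref%%/*} ;;
        *)   echo docker.io; return 0 ;;
    esac
    case "$first" in
        localhost|*.*|*:*) echo "$first" ;;
        *)                 echo docker.io ;;
    esac
}

# Return 0 if the image's registry is on the allowlist, 1 otherwise.
allowed_registry() {
    host=$(registry_host "$1")
    for trusted in $TRUSTED_REGISTRIES; do
        [ "$host" = "$trusted" ] && return 0
    done
    return 1
}

# Scan directly from the registry only when its host is trusted; otherwise
# refuse, rather than letting Trivy hand credentials to an unknown registry.
safe_scan() {
    if allowed_registry "$1"; then
        trivy image --image-src remote "$1"
    else
        echo "refusing to scan $1: registry $(registry_host "$1") is not allowlisted" >&2
        return 2
    fi
}
```

Images from untrusted registries can still be scanned by pulling them into a local Docker or containerd daemon first and running trivy with --image-src docker or --image-src containerd, which never contacts the registry with Trivy's credentials.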