PT-2022-4914 · Dell · Dell Powerprotect Cyber Recovery

Published: 2022-08-01 · Updated: 2022-09-07 · CVE-2022-34372

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Dell PowerProtect Cyber Recovery versions prior to 19.11.0.2

Description

The issue is related to an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API, leading to an authentication bypass. This could allow the attacker to alter docker images, resulting in a loss of integrity and confidentiality.

Recommendations

For versions prior to 19.11.0.2, update to version 19.11.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the docker registry API to minimize the risk of exploitation.

Fix

Authentication Bypass Using an Alternate Path or Channel

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2022-06083
CVE-2022-34372

Affected Products

Dell Powerprotect Cyber Recovery