CVE-2019-10214
published 2019-11-25
Severity: medium, 5.9 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| containers | image | — | — |
| debian | golang-github-containers-image | < singularity-container 3.5.0+ds1-1 (sid) | singularity-container 3.5.0+ds1-1 (sid) |
| debian | singularity-container | < singularity-container 3.5.0+ds1-1 (sid) | singularity-container 3.5.0+ds1-1 (sid) |
| github.com | containers_image | >= 0 < 3.0.0 | 3.0.0 |
| github.com | containers_image | >= 0 < 2.0.2-0.20190802080134-634605d06e73+incompatible | 2.0.2-0.20190802080134-634605d06e73+incompatible |
| opensuse | leap | — | — |
| redhat | enterprise_linux | — | — |
| redhat | openshift_container_platform | — | — |
CVSS provenance
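| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | — | 5.9 | MEDIUM | — |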