CVE-2019-10214 – github.com/containers/image

Package

Manager: go
Name: github.com/containers/image
Vulnerable Version: >=0 <3.0.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00321 pctl0.54535

Details

containers/image library Insufficiently Protects Credentials The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

Metadata

Created: 2022-02-15T01:57:18Z
Modified: 2024-05-20T19:46:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-85p9-j7c9-v4gr/GHSA-85p9-j7c9-v4gr.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-85p9-j7c9-v4gr
Finding: F035
Auto approve: 1