← Back

CVE-2019-10214

nvd nist
Published: Nov 25, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

Affected (6)

Show all products
Buildah Project: Buildah · Libpod Project: Libpod · Redhat: Enterprise Linux, Openshift Container Platform · Skopeo Project: Skopeo · Opensuse: Leap
Buildah Project
1 product
Buildah
Libpod Project
1 product
Libpod
Redhat
2 products
Enterprise Linux
Openshift Container Platform
Skopeo Project
1 product
Skopeo
Opensuse
1 product
Leap
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Buildah
All versions
Libpod
All versions
Enterprise Linux
Version 8.0
Openshift Container Platform
Version 4.1
Skopeo
All versions
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Leap
Version 15.1

Related CWEs

CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory

Timeline

No history available yet.