
CVE-2019-10214

Published: 09 Sep 2019
Source: redhat
CVSS3: 6.4
EPSS: Low

Description

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 4 | podman | Affected | | |
| Red Hat OpenShift Container Platform 4 | skopeo | Affected | | |
| Red Hat Enterprise Linux 8 | container-tools | Fixed | RHSA-2019:3403 | 05.11.2019 |
| Red Hat Enterprise Linux 8 | container-tools | Fixed | RHSA-2019:3494 | 05.11.2019 |
| Red Hat OpenShift Container Platform 3.10 | atomic-openshift | Fixed | RHSA-2019:2989 | 14.10.2019 |
| Red Hat OpenShift Container Platform 3.10 | cri-o | Fixed | RHSA-2019:2989 | 14.10.2019 |
| Red Hat OpenShift Container Platform 3.11 | cri-o | Fixed | RHSA-2019:2817 | 23.09.2019 |
| Red Hat OpenShift Container Platform 3.9 | cri-o | Fixed | RHSA-2019:3812 | 07.11.2019 |
| Red Hat OpenShift Container Platform 4.1 | cri-o | Fixed | RHSA-2019:2825 | 25.09.2019 |
| Red Hat OpenShift Container Platform 4.1 | openshift4/ose-docker-builder | Fixed | RHSA-2019:3007 | 16.10.2019 |

Additional information

Status: Moderate
Defect: CWE-522
https://bugzilla.redhat.com/show_bug.cgi?id=1732508
containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure

EPSS

Percentile: 48%
0.00246
Low

6.4 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.9
ubuntu
more than 5 years ago

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

CVSS3: 5.9
nvd
more than 5 years ago

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

CVSS3: 5.9
debian
more than 5 years ago

The containers/image library used by the container tools Podman, Build ...

suse-cvrf
about 5 years ago

Security update for skopeo

suse-cvrf
more than 5 years ago

Security update for skopeo
