Your submission was sent successfully! Close

CVE-2019-10214

Published: 25 November 2019

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
golang-github-containers-image
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Not vulnerable
(debian: Vulnerable version was never in unstable)
xenial Does not exist

singularity-container
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (3.5.0+ds1-1)
xenial Does not exist