blob: 8d960eb638aed3c097fcecd4bafac8b8ec1c1672 [file] [log] [blame]
module: github.com/containers/image
package: github.com/containers/image/docker
versions:
- fixed: v2.0.2-0.20190802080134-634605d06e73+incompatible
description: |
The HTTP client used to connect to the container registry authorization
service explicitly disables TLS verification, allowing an attacker that
is able to MITM the connection to steal credentials.
published: 2021-04-14T12:00:00Z
cve: CVE-2019-10214
symbols:
- dockerClient.getBearerToken
links:
pr: https://github.com/containers/image/pull/669
commit: https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf
context:
- https://github.com/containers/image/issues/654
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214