data/reports/GO-2021-0081.yaml - vulndb - Git at Google

 modules:
   - module: github.com/containers/image
     versions:
       - fixed: 2.0.2-0.20190802080134-634605d06e73+incompatible
     packages:
       - package: github.com/containers/image/docker
         symbols:
           - dockerClient.getBearerToken
 description: |
     The HTTP client used to connect to the container registry authorization
     service explicitly disables TLS verification, allowing an attacker that
     is able to MITM the connection to steal credentials.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2019-10214
 ghsas:
   - GHSA-85p9-j7c9-v4gr
 references:
   - fix: https://github.com/containers/image/pull/669
   - fix: https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf
   - web: https://github.com/containers/image/issues/654
   - web: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
	modules:
	- module: github.com/containers/image
	versions:
	- fixed: 2.0.2-0.20190802080134-634605d06e73+incompatible
	packages:
	- package: github.com/containers/image/docker
	symbols:
	- dockerClient.getBearerToken
	description: \|
	The HTTP client used to connect to the container registry authorization
	service explicitly disables TLS verification, allowing an attacker that
	is able to MITM the connection to steal credentials.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2019-10214
	ghsas:
	- GHSA-85p9-j7c9-v4gr
	references:
	- fix: https://github.com/containers/image/pull/669
	- fix: https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf
	- web: https://github.com/containers/image/issues/654
	- web: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214