blob: 33c9e234038a6efe37eb5f14465025713c011900 [file] [log] [blame]
packages:
- module: github.com/containers/image
package: github.com/containers/image/docker
symbols:
- dockerClient.getBearerToken
versions:
- fixed: 2.0.2-0.20190802080134-634605d06e73+incompatible
description: |
The HTTP client used to connect to the container registry authorization
service explicitly disables TLS verification, allowing an attacker that
is able to MITM the connection to steal credentials.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2019-10214
ghsas:
- GHSA-85p9-j7c9-v4gr
links:
pr: https://github.com/containers/image/pull/669
commit: https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf
context:
- https://github.com/containers/image/issues/654
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214