CVE-2015-1843

Name of the Vulnerable Software and Affected Versions Red Hat docker package versions prior to 1.5.0-28

Description The issue allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. This occurs when the Red Hat docker package falls back to HTTP after an HTTPS connection to the registry fails, specifically when using the --add-registry option.

Recommendations For versions prior to 1.5.0-28, update to version 1.5.0-28 or later to resolve the issue.