PT-2019-11638 · Red Hat+4 · Skopeo+10
Marian Rehak +1
Published 2019-09-10 · Updated 2024-06-15
CVE-2019-10214
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions:
containers/image library used by Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8
CRI-O in OpenShift Container Platform
Description:
The issue concerns the containers/image library, which does not enforce TLS connections to the container registry authorization service. This allows an attacker to launch a Man-in-the-Middle (MiTM) attack, potentially stealing login credentials or bearer tokens. The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, making it vulnerable to such attacks.
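The weak pattern the description refers to is an HTTP client whose TLS configuration skips certificate verification, so any host on the path can impersonate the registry's token service and read the credentials or bearer token sent to it. The Go snippet below is an added illustration, not code from containers/image or any Red Hat product: it places that weak client beside a hardened one and adds a small audit helper that flags both a transport with verification disabled and a token endpoint whose URL is not https. The function and URL names are assumptions chosen for the example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/url"
)

// newInsecureClient reconstructs the weak pattern described in the advisory:
// an HTTP client that explicitly disables server certificate verification.
// Illustrative only; this is not the containers/image implementation.
func newInsecureClient() *http.Client {
	return &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
		},
	}
}

// newHardenedClient keeps certificate verification on (the default) and
// refuses handshakes below TLS 1.2.
func newHardenedClient() *http.Client {
	return &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12},
		},
	}
}

// AuditClient returns one finding per weakness it can see: a transport
// configured with InsecureSkipVerify, or a token endpoint that is not
// reached over https. An empty slice means nothing was flagged.
func AuditClient(c *http.Client, tokenURL string) []string {
	var findings []string

	// Transport may be nil (http.DefaultTransport) or a custom RoundTripper;
	// only a *http.Transport exposes the TLS configuration we can inspect.
	if tr, ok := c.Transport.(*http.Transport); ok &&
		tr.TLSClientConfig != nil && tr.TLSClientConfig.InsecureSkipVerify {
		findings = append(findings, "TLS certificate verification disabled (InsecureSkipVerify)")
	}

	// The authorization service URL normally comes from the registry's
	// WWW-Authenticate realm; a non-https realm sends credentials in clear.
	u, err := url.Parse(tokenURL)
	if err != nil || u.Scheme != "https" {
		findings = append(findings, "token endpoint is not https: "+tokenURL)
	}
	return findings
}

func main() {
	// Constructed sample endpoint; no network access is performed.
	const realm = "https://auth.registry.example.test/token"
	fmt.Println("insecure client:", AuditClient(newInsecureClient(), realm))
	fmt.Println("hardened client:", AuditClient(newHardenedClient(), realm))
}
```

The audit only inspects configuration, so it is safe to run in CI against the clients an application builds; the fix for the advisory is the hardened shape shown above, namely never setting InsecureSkipVerify and refusing a plaintext realm.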
Recommendations:
For Red Hat Enterprise Linux version 8, update the containers/image library to a version that enforces TLS connections.
For OpenShift Container Platform, update CRI-O to a version that enforces TLS connections.
As a temporary workaround, consider restricting access to the container registry authorization service to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related identifiers
Affected products
Almalinux
Buildah
Cri-O
Centos
Openshift Container Platform
Podman
Red Hat
Rocky Linux
Skopeo
Suse
Containers/Image Library