PT-2019-11638 · Red Hat+4 · Skopeo+10
Author: Marian Rehak
Published: 2019-09-10 · Updated: 2024-06-15
CVE-2019-10214
CVSS v3.1: 7.0 (High)
| Vector | AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H |
Name of the Vulnerable Software and Affected Versions:
containers/image library used by Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8
CRI-O in OpenShift Container Platform
Description:
The issue concerns the containers/image library, which does not verify the TLS connection to the container registry's authorization (token) service: the HTTP client it uses to reach that service explicitly disables certificate verification. An attacker positioned on the network path can therefore impersonate the authorization service (a Man-in-the-Middle attack) and capture the login credentials or bearer tokens the client sends to it.
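The following is an added example, not code from the containers/image project: a minimal Go reproduction of the weak client setting the description refers to, with the hardened form beside it. It stands in for the registry token service with an httptest TLS server that presents a self-signed certificate, sends the same token request from a client with certificate verification disabled and from one with it enabled, and records that only the hardened client refuses to talk to the untrusted endpoint. The function, type and field names (newAuthClient, requestToken, Probe, ProbeResult) and the sample token response are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

// newAuthClient builds the HTTP client used to reach a registry's token
// (authorization) service. skipVerify=true reproduces the weak setting the
// advisory describes: certificate verification is disabled, so the client
// accepts any certificate, including one presented by an on-path attacker,
// and sends the registry credentials to whoever answers.
func newAuthClient(skipVerify bool) *http.Client {
	return &http.Client{
		Timeout: 5 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				InsecureSkipVerify: skipVerify, // must be false in production code
				MinVersion:         tls.VersionTLS12,
			},
		},
	}
}

// requestToken performs a token request (the auth step before an image pull)
// and returns the response body, or the TLS/HTTP error.
func requestToken(c *http.Client, url string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// isUntrustedCert reports whether err is a certificate-chain verification
// failure, i.e. the hardened client refused an untrusted certificate.
func isUntrustedCert(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

// ProbeResult records how each client behaved against an endpoint whose
// certificate is not signed by a trusted CA.
type ProbeResult struct {
	InsecureAccepted bool // weak client completed the request
	HardenedRejected bool // hardened client refused to connect
	CertError        bool // ...and the reason was an untrusted certificate chain
}

// Probe stands up a TLS server with a self-signed certificate (constructed
// here as a stand-in for an untrusted or spoofed token service) and sends a
// token request from both clients.
func Probe() ProbeResult {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Constructed sample response; a real token service returns a bearer token here.
		fmt.Fprint(w, `{"token":"constructed-example-token"}`)
	}))
	defer srv.Close()

	_, errInsecure := requestToken(newAuthClient(true), srv.URL+"/token")
	_, errHardened := requestToken(newAuthClient(false), srv.URL+"/token")

	return ProbeResult{
		InsecureAccepted: errInsecure == nil,
		HardenedRejected: errHardened != nil,
		CertError:        isUntrustedCert(errHardened),
	}
}

func main() {
	r := Probe()
	fmt.Printf("InsecureSkipVerify=true  -> request completed: %v\n", r.InsecureAccepted)
	fmt.Printf("InsecureSkipVerify=false -> rejected: %v (certificate error: %v)\n",
		r.HardenedRejected, r.CertError)
}
```

The weak client completes the request and would hand its credentials to whatever endpoint answered; the hardened client fails with an x509 unknown-authority error before any credentials leave the process. When reviewing a Go client for this class of issue, search for `InsecureSkipVerify: true` and for custom `VerifyPeerCertificate` callbacks that always return nil.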
Recommendations:
For Red Hat Enterprise Linux version 8, update the containers/image library to a version that enforces TLS connections.
For OpenShift Container Platform, update CRI-O to a version that enforces TLS connections.
As a temporary workaround, consider restricting access to the container registry authorization service to minimize the risk of exploitation.
Weakness Enumeration: Insufficiently Protected Credentials
Affected Products:
Almalinux
Buildah
Cri-O
Centos
Openshift Container Platform
Podman
Red Hat
Rocky Linux
Skopeo
Suse
Containers/Image Library