Vulnerability Report: GO-2021-0081

CVE-2019-10214, GHSA-85p9-j7c9-v4gr
Affects: github.com/containers/image
Published: Apr 14, 2021
Modified: Jun 12, 2023

The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, allowing an attacker that is able to MITM the connection to steal credentials.

Affected Packages

Path

Versions

Symbols
github.com/containers/image/docker

before v2.0.2-0.20190802080134-634605d06e73+incompatible
6 affected symbols

Aliases

CVE-2019-10214
GHSA-85p9-j7c9-v4gr

References

https://github.com/containers/image/pull/669
https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf
https://github.com/containers/image/issues/654
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
https://vuln.go.dev/ID/GO-2021-0081.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL