Insufficiently Protected Credentials

CVE-2019-10214

Medium

5.9/10

Summary

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

Advisory
Issue
Pull request
Issue

Advisory Timeline

Published Nov 25, 2019

Insufficiently Protected Credentials

CVE-2019-10214

Summary

CWE-522 - Insufficiently Protected Credentials

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS