CVE-2019-10214 MEDIUM

CVE-2019-10214

Vendor N/A
Product containers/image
Weakness CWE-522 · Insufficiently protected credentials
Published November 25, 2019
Last update August 4, 2024

CVSS base score

6.4/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

Key dates

02Disclosure timeline

November 25, 2019 CVE published
August 4, 2024 Record updated