Vulnerability: Insecure TLS Connections in Containers/Image Library

Vulnerability: Insecure TLS Connections in Containers/Image Library

CVE-2019-10214 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.