2 matches found
SUSE CVE-2015-1843
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...
Red Hat docker HTTP degradation vulnerability
Docker is an open-source application container engine that allows developers to package their applications, as well as dependency packages, into a portable container that can then be distributed to any popular Linux machine, as well as virtualized. Red Hat docker package with the --add-registry...