73 matches found
GHSA-742W-89GC-8M9C containerd v1.2.x can be coerced into leaking credentials during image pull
Impact If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign layer”, the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 o...
containerd v1.2.x can be coerced into leaking credentials during image pull
Impact If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign layer”, the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 o...
Medium: containerd
Issue Overview: A flaw was found in containerd. Credentials may be leaked during an image pull. CVE-2020-15157 Affected Packages: containerd Issue Correction: Run yum update containerd or yum update --advisory ALAS-2021-1555 to update your system. New Packages: src: ...
Medium: containerd
Issue Overview: A flaw was found in containerd. Credentials may be leaked during an image pull. CVE-2020-15157 Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ secti...
Medium: containerd
Issue Overview: A flaw was found in containerd. Credentials may be leaked during an image pull. CVE-2020-15157 Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for t...
DEBIAN-CVE-2021-32760
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access t...
Docker daemon crash during image pull of malicious image
...
containerd: credentials leak during image pull
A flaw was found in containerd. Credentials may be leaked during an image pull...
SUSE-SU-2021:0445-1 Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Update Docker to 19.03.15-ce: - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem bsc1181732 - CVE-2021-21285:...
Docker < 19.03.15, 20.x < 20.10.3 Multiple Vulnerabilities
Docker is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-21285 Docker daemon crash during image pull of malicious image
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing...
CVE-2020-15157
A flaw was found in containerd. Credentials may be leaked during an image pull...
CVE-2020-15157 containerd can be coerced into leaking credentials during image pull
In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...
Vulnerability fixed in containerd
A vulnerability has been fixed in containerd, which is used by Docker and Kubernetes, among others. A malicious party could vulnerability potentially exploit it to gain access to login credentials to an internal or external image registry. To do so the malicious party must induce the user to pull...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
RHEL 7 / 8 : OpenShift Container Platform 4.5 (RHSA-2020:2413)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2413 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
containers/image: Container images read entire image manifest into memory
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashi...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
containers/image: Container images read entire image manifest into memory
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashi...