Information Disclosure

Description

containerd is vulnerable to information disclosure. When the containerd resolver follows a URL to download a specific image layer, it sends its authentication credentials with the request. An attacker can exploit this behavior to obtain the credentials by publishing a public image whose manifest redirects the layers to a third-party address.


Affected Software


CPE Name Name Version
docker.io:devel 19.03.11-0ubuntu2
docker.io:devel 19.03.11-0ubuntu3
docker.io:bionic 19.03.6-0ubuntu1~18.04.1
docker.io:bionic 18.09.7-0ubuntu1~18.04.4
docker.io:bionic 17.12.1-0ubuntu1
containerd:xenial 1.2.6-0ubuntu1~16.04.3
docker.io:focal 19.03.8-0ubuntu1
docker.io:focal 19.03.8-0ubuntu1.20.04
docker.io:xenial 18.09.7-0ubuntu1~16.04.5
docker.io:xenial 1.10.3-0ubuntu6
github.com/containerd/containerd 1.2.13
github.com/containerd/containerd 1.0.0-alpha0
docker.io:bullseye 19.03.13+dfsg1-3
docker.io:buster 18.09.1+dfsg1-7.1+deb10u2
