{"id":"CVE-2019-10214","details":"The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.","aliases":["GHSA-85p9-j7c9-v4gr","GO-2021-0081"],"modified":"2026-05-15T12:03:49.796622982Z","published":"2019-11-25T11:15:11.120Z","related":["ALSA-2019:3403","ALSA-2019:3494","SUSE-SU-2019:2340-1","SUSE-SU-2019:2341-1","SUSE-SU-2019:2346-1","SUSE-SU-2020:0712-1","SUSE-SU-2020:3423-1","SUSE-SU-2022:0770-1","openSUSE-SU-2019:2137-1","openSUSE-SU-2019:2138-1","openSUSE-SU-2019:2143-1","openSUSE-SU-2019:2159-1","openSUSE-SU-2020:0377-1","openSUSE-SU-2020:0554-1","openSUSE-SU-2020:2106-1","openSUSE-SU-2021:0310-1","openSUSE-SU-2022:0770-1","openSUSE-SU-2024:10666-1","openSUSE-SU-2024:10699-1","openSUSE-SU-2024:11177-1","openSUSE-SU-2024:11385-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"opensuse:leap","source":"CPE_FIELD","extracted_events":[{"last_affected":"15.1"}],"cpes":["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]},{"vendor_product":"redhat:enterprise_linux","source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00035.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}