{"id":"CVE-2019-10214","details":"The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.","aliases":["GHSA-85p9-j7c9-v4gr","GO-2021-0081"],"modified":"2026-04-10T04:11:46.311978Z","published":"2019-11-25T11:15:11.120Z","related":["ALSA-2019:3403","ALSA-2019:3494","SUSE-SU-2019:2340-1","SUSE-SU-2019:2341-1","SUSE-SU-2019:2346-1","SUSE-SU-2020:0712-1","SUSE-SU-2020:3423-1","SUSE-SU-2022:0770-1","openSUSE-SU-2019:2137-1","openSUSE-SU-2019:2138-1","openSUSE-SU-2019:2143-1","openSUSE-SU-2019:2159-1","openSUSE-SU-2020:0377-1","openSUSE-SU-2020:0554-1","openSUSE-SU-2020:2106-1","openSUSE-SU-2021:0310-1","openSUSE-SU-2022:0770-1","openSUSE-SU-2024:10666-1","openSUSE-SU-2024:10699-1","openSUSE-SU-2024:11177-1","openSUSE-SU-2024:11385-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00035.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/containers/libpod","events":[{"introduced":"0"},{"last_affected":"e4b03902052294d4f342a185bb54702ed5bed8b1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.1"}]}}],"versions":["v0.2","v0.2.1","v0.8.2","v4.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10214.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}