vulnerability
Rocky Linux: CVE-2019-10214: container-tools-1.0 (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Nov 25, 2019 | Mar 12, 2024 | Aug 13, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Nov 25, 2019
Added
Mar 12, 2024
Modified
Aug 13, 2025
Description
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.
Solutions
rocky-upgrade-fuse-overlayfsrocky-upgrade-fuse-overlayfs-debuginforocky-upgrade-fuse-overlayfs-debugsourcerocky-upgrade-oci-systemd-hookrocky-upgrade-oci-systemd-hook-debuginforocky-upgrade-oci-systemd-hook-debugsourcerocky-upgrade-oci-umountrocky-upgrade-oci-umount-debuginforocky-upgrade-oci-umount-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.