← Retour aux CVEs

CVE-2021-41092

MEDIUM

5.4

Description

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.

Details CVE

Score CVSS v3.15.4

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteHIGH

Privileges requisHIGH

Interaction utilisateurREQUIRED

Publie10/4/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

docker:command_line_interfacefedoraproject:fedora

Faiblesses (CWE)

CWE-200CWE-522

References

https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf(security-advisories@github.com)

https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b(security-advisories@github.com)

https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v(security-advisories@github.com)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/(security-advisories@github.com)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/(security-advisories@github.com)

https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.