Medium severity5.9NVD Advisory· Published Nov 25, 2019· Updated Jun 17, 2026
CVE-2019-10214
CVE-2019-10214
Description
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/containers/imageGo | < 3.0.0 | 3.0.0 |
Affected products
27- Red Hat/containers/imagedescription
- ghsa-coords26 versionspkg:golang/github.com/containers/imagepkg:rpm/almalinux/fuse-overlayfspkg:rpm/almalinux/oci-systemd-hookpkg:rpm/almalinux/oci-umountpkg:rpm/opensuse/buildah&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/buildah&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/buildah&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/buildah&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cri-o&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cri-o&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cri-tools&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/go1.14&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/kubernetes&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/libcontainers-common&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/podman&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/podman&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/podman&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/skopeo&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/skopeo&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/skopeo&distro=openSUSE%20Tumbleweedpkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP2pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP3pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1pkg:rpm/suse/skopeo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/skopeo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1
< 3.0.0+ 25 more
- (no CPE)range: < 3.0.0
- (no CPE)range: < 0.3-5.module_el8.3.0+2044+12421f43
- (no CPE)range: < 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082
- (no CPE)range: < 2:2.3.4-2.git87f9237.module_el8.5.0+119+9a9ec082
- (no CPE)range: < 1.7.1-lp151.2.3.1
- (no CPE)range: < 1.19.2-lp152.2.3.1
- (no CPE)range: < 1.23.1-150300.8.3.1
- (no CPE)range: < 1.23.0-1.1
- (no CPE)range: < 1.17.1-lp151.2.2
- (no CPE)range: < 1.22.0-1.2
- (no CPE)range: < 1.18.0-lp151.2.1
- (no CPE)range: < 1.14-lp151.6.1
- (no CPE)range: < 1.18.0-lp151.5.1
- (no CPE)range: < 20210112-lp152.2.6.1
- (no CPE)range: < 1.4.4-lp151.3.6.1
- (no CPE)range: < 2.2.1-lp152.4.9.1
- (no CPE)range: < 3.3.1-2.1
- (no CPE)range: < 0.1.32-lp150.8.1
- (no CPE)range: < 0.1.32-lp151.2.3.1
- (no CPE)range: < 1.2.3-1.2
- (no CPE)range: < 1.7.1-3.3.1
- (no CPE)range: < 1.17.0-3.6.1
- (no CPE)range: < 1.23.1-150300.8.3.1
- (no CPE)range: < 1.4.4-4.11.1
- (no CPE)range: < 0.1.32-4.8.1
- (no CPE)range: < 0.1.32-4.8.1
Patches
Vulnerability mechanics
References
11- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchVendor AdvisoryWEB
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00035.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.htmlnvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-85p9-j7c9-v4grghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10214ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsaWEB
- github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aafghsaWEB
- github.com/containers/image/issues/654ghsaWEB
- github.com/containers/image/pull/655ghsaWEB
- github.com/containers/image/pull/669ghsaWEB
- pkg.go.dev/vuln/GO-2021-0081ghsaWEB
News mentions
0No linked articles in our index yet.