The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer weakness CVE-2019-10214

containers/image: information disclosure via Clear Text Session

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Clear Text Session of containers/image, in order to obtain sensitive information.
Severity of this announce: 2/4.
Creation date: 10/09/2019.
Références of this computer vulnerability: 1144065, CVE-2019-10214, openSUSE-SU-2019:2137-1, openSUSE-SU-2019:2138-1, openSUSE-SU-2019:2143-1, openSUSE-SU-2019:2159-1, RHSA-2019:3403-01, RHSA-2019:3494-01, SUSE-SU-2019:2340-1, SUSE-SU-2019:2341-1, SUSE-SU-2019:2346-1, VIGILANCE-VUL-30289.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Clear Text Session of containers/image, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

This vulnerability note impacts software or systems such as openSUSE Leap, RHEL, SLES.

Our Vigil@nce team determined that the severity of this cybersecurity vulnerability is medium.

The trust level is of type confirmed by the editor, with an origin of LAN.

An attacker with a expert ability can exploit this computer threat note.

Solutions for this threat

openSUSE Leap 15.1: new buildah packages.
New packages are available:
  openSUSE Leap 15.1: buildah 1.7.1-lp151.2.3.1

openSUSE Leap 15.1: new podman packages.
New packages are available:
  openSUSE Leap 15.1: podman 1.4.4-lp151.3.6.1

openSUSE Leap 15: new skopeo packages.
New packages are available:
  openSUSE Leap 15.1: skopeo 0.1.32-lp151.2.3.1
  openSUSE Leap 15.0: skopeo 0.1.32-lp150.8.1

RHEL 8: new container-tools-1.0 module.
The following module is updated:
  RHEL 8 Module: container-tools:1.0

RHEL 8: new container-tools-rhel8 module.
The following module is updated:
  RHEL 8 Module: container-tools:rhel8

SUSE LE 15: new skopeo packages.
New packages are available:
  SUSE LE 15 RTM: skopeo 0.1.32-4.8.1
  SUSE LE 15 SP1: skopeo 0.1.32-4.8.1

SUSE LE 15 SP1: new buildah packages.
New packages are available:
  SUSE LE 15 SP1: buildah 1.7.1-3.3.1

SUSE LE 15 SP1: new podman packages.
New packages are available:
  SUSE LE 15 SP1: podman 1.4.4-4.11.1
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computer vulnerability watch. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.