公告ID: KYLIN-2019-10214
安全等级: 中等
产品: Kylin V3
发布日期: 2019年9月9日
CVE: CVE-2019-10214
CVSS3评分: 6.4
概述:
Kylin Enterprise Linux 8: This vulnerability is currently targeted to be addressed in an upcoming release. Kylin OpenShift Container Platform 3.10: This vulnerability is currently targeted to be addressed in an upcoming release. Kylin OpenShift Container Platform 3.11: This vulnerability is currently targeted to be addressed in an upcoming release. Kylin OpenShift Container Platform 3.9: This vulnerability is currently targeted to be addressed in an upcoming release. Kylin OpenShift Container Platform 4.1: This vulnerability is currently targeted to be addressed in an upcoming release. 描述:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. The containers/image library used by the container tools Podman, Buildah, and Skopeo in Kylin Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens. 系统版本:
KYLIN 3.4.x
KYLIN 3.4.x
KYLIN 3.4.x
KYLIN 3.4.x
KYLIN 3.4.x
KYLIN 3.4.x
受影响包列表:
container-tools:1.0/buildah
container-tools:1.0/podman
container-tools:1.0/skopeo
container-tools:rhel8/buildah
container-tools:rhel8/podman
container-tools:rhel8/skopeo