CVE-2020-15157 – containerd can be coerced into leaking credentials during image pull

https://notcve.org/view.php?id=CVE-2020-15157

16 Oct 2020 — In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server... • https://github.com/containerd/containerd/releases/tag/v1.2.14 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •