CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41092 – Docker CLI leaks private registry credentials to registry-1.docker.io
https://notcve.org/view.php?id=CVE-2021-41092
04 Oct 2021 — Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this ver... • https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •