CVE-2019-10214 – containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure

https://notcve.org/view.php?id=CVE-2019-10214

24 Sep 2019 — The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens. La biblioteca de containers/image utilizada por las herramientas de contenedores Podman, Buildah y Skopeo en Red Hat Enterprise Linux versión 8 y CRI-O e... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00035.html • CWE-522: Insufficiently Protected Credentials •