Back to bug 2023449
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Michael Kaplan | 2021-11-15 18:18:44 UTC | Blocks | 2023450 | |
| Stoyan Nikolov | 2021-11-16 09:55:13 UTC | CC | cnv-qe-bugs, fdeutsch, fdupont | |
| Florencio Cano | 2021-11-16 12:35:25 UTC | CC | crarobin, jmadigan, ngough, pamccart | |
| Florencio Cano | 2021-11-16 12:35:51 UTC | CC | fjansen | |
| Florencio Cano | 2021-11-16 12:36:04 UTC | CC | caswilli | |
| Florencio Cano | 2021-11-16 12:36:46 UTC | CC | jnakfour | |
| Przemyslaw Roguski | 2021-11-16 17:49:37 UTC | Fixed In Version | moby 20.10.9 | |
| Priority | high | medium | ||
| Severity | high | medium | ||
| Przemyslaw Roguski | 2021-11-16 19:28:50 UTC | CC | team-winc | |
| Przemyslaw Roguski | 2021-11-16 19:35:47 UTC | Fixed In Version | moby 20.10.9 | docker-cli 20.10.9 |
| Summary | CVE-2021-41092 moby: cli leaks private registry credentials to registry-1.docker.io | CVE-2021-41092 docker: cli leaks private registry credentials to registry-1.docker.io | ||
| Doc Text | A confidential data leak vulnerability was found in Moby (Docker Engine). | |||
| Przemyslaw Roguski | 2021-11-16 19:40:50 UTC | Doc Text | A confidential data leak vulnerability was found in Moby (Docker Engine). | A confidential data leak vulnerability was found in Docker CLI. Execution of `docker login` to a private registry may sent provided credentials in misconfigured docker credentials store to registry-1.docker.io rather than to the specified private registry. An attacker may potentially use this vulnerability to steal private registry credentials. |
| Przemyslaw Roguski | 2021-11-16 19:51:01 UTC | CC | alazar, lgamliel, mfilanov | bbennett, jlanford, krizza |
| RaTasha Tillery-Smith | 2021-11-16 20:34:21 UTC | Doc Text | A confidential data leak vulnerability was found in Docker CLI. Execution of `docker login` to a private registry may sent provided credentials in misconfigured docker credentials store to registry-1.docker.io rather than to the specified private registry. An attacker may potentially use this vulnerability to steal private registry credentials. | A confidential data leak vulnerability was found in Docker CLI. The execution of `docker login` to a private registry may send provided credentials in a misconfigured docker credentials store to the registry-1.docker.io rather than the specified private registry. This flaw allows an attacker to steal private registry credentials. The highest threat from this vulnerability is to confidentiality. |
| Florencio Cano | 2021-11-22 11:07:59 UTC | Depends On | 2025487, 2025489 | |
| Florencio Cano | 2021-11-29 14:11:00 UTC | CC | ggastald, sbiarozk | |
| Red Hat Bugzilla | 2021-12-31 22:19:11 UTC | CC | josorior | |
| Red Hat Bugzilla | 2022-01-08 05:30:26 UTC | CC | jokerman | |
| Red Hat Bugzilla | 2022-02-22 06:37:19 UTC | CC | jnakfour | |
| Red Hat Bugzilla | 2022-04-22 18:53:22 UTC | CC | pdhamdhe | |
| Red Hat Bugzilla | 2022-05-09 08:31:55 UTC | CC | aos-bugs | |
| Red Hat Bugzilla | 2022-07-16 08:29:23 UTC | CC | team-winc | |
| Red Hat Bugzilla | 2022-10-08 04:27:49 UTC | CC | gghezzo | |
| Red Hat Bugzilla | 2022-12-15 08:29:34 UTC | CC | cnv-qe-bugs | |
| Red Hat Bugzilla | 2023-01-04 08:27:36 UTC | CC | mrogers | |
| Red Hat Bugzilla | 2023-07-07 08:31:24 UTC | Assignee | security-response-team | nobody |
| Red Hat Bugzilla | 2023-08-14 08:27:35 UTC | CC | jhrozek |
Back to bug 2023449