Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat docker package 输入验证漏洞
Vulnerability Description
Docker是美国Docker公司的一款开源的应用容器引擎,它支持在Linux系统上创建一个容器(轻量级虚拟机)并部署和运行应用程序,以及通过配置文件实现应用程序的自动化安装、部署和升级。Red Hat docker package美国红帽(Red Hat)公司的一个基于Linux系统的docker包。 Red Hat docker package 1.5.0-28之前版本中存在安全漏洞,该漏洞源于当程序使用HTTPS连接注册表失败时会回退到HTTP。当程序使用‘--add-registry’选项时,攻击
CVSS Information
N/A
Vulnerability Type
N/A