Upstream information

CVE-2019-10214 at MITRE

Description

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

SUSE information

Overall state of this security issue: Running

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.3
Vector AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
CVSS v3 Scores
  National Vulnerability Database SUSE
Base Score 5.9 9
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Access Vector Network Network
Access Complexity High High
Privileges Required None None
User Interaction None None
Scope Unchanged Changed
Confidentiality Impact High High
Integrity Impact None High
Availability Impact None High
CVSSv3 Version 3.1 3
SUSE Bugzilla entry: 1144065 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
Container suse/sles/15.3/cdi-importer:1.37.1.8.5.1
Container suse/sles/15.4/cdi-importer:1.43.0.16.7
  • skopeo >= 0.1.41-4.11.1
SUSE CaaS Platform 3.0
  • cri-o >= 1.11.14-4.14.1
Patchnames:
SUSE-CAASP-3.0-2019-2368
SUSE CaaS Platform 4.0
  • cri-o >= 1.15.0-3.3.2
  • cri-o-kubeadm-criconfig >= 1.15.0-3.3.2
Patchnames:
SUSE-SUSE-CAASP-4.0-2019-2369
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP3
  • skopeo >= 0.1.41-4.11.1
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 SP3 GA skopeo-0.1.41-4.11.1
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Module for Basesystem 15 SP4
  • skopeo >= 0.1.41-4.11.1
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 SP4 GA skopeo-0.1.41-4.11.1
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
  • buildah >= 1.17.0-3.6.1
  • podman >= 1.4.4-4.11.1
  • podman-cni-config >= 1.4.4-4.11.1
  • skopeo >= 0.1.41-4.11.1
Patchnames:
SUSE-SLE-Module-Containers-15-SP1-2019-2341
SUSE-SLE-Module-Containers-15-SP1-2019-2346
SUSE-SLE-Module-Containers-15-SP1-2020-3423
SUSE-SLE-Module-Server-Applications-15-SP1-2019-2340
SUSE-SLE-Module-Server-Applications-15-SP1-2020-712
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
  • buildah >= 1.17.0-3.6.1
  • podman >= 1.8.0-4.20.1
  • podman-cni-config >= 1.8.0-4.20.1
  • skopeo >= 0.1.41-4.11.1
Patchnames:
SUSE Linux Enterprise Module for Containers 15 SP2 GA buildah-1.7.1-3.3.1
SUSE Linux Enterprise Module for Containers 15 SP2 GA podman-1.8.0-4.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP2 GA skopeo-0.1.41-4.11.1
SUSE-SLE-Module-Containers-15-SP2-2020-3423
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
  • buildah >= 1.23.1-150300.8.3.1
  • podman >= 2.1.1-4.28.1
  • podman-cni-config >= 2.1.1-4.28.1
  • skopeo >= 0.1.41-4.11.1
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 SP3 GA skopeo-0.1.41-4.11.1
SUSE Linux Enterprise Module for Containers 15 SP3 GA buildah-1.17.0-3.6.1
SUSE Linux Enterprise Module for Containers 15 SP3 GA podman-2.1.1-4.28.1
SUSE-SLE-Module-Containers-15-SP3-2022-770
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
  • buildah >= 1.23.1-150400.1.17
  • podman >= 3.4.4-150400.2.14
  • podman-cni-config >= 3.4.4-150400.2.14
  • podman-docker >= 3.4.4-150400.2.14
  • podman-remote >= 3.4.4-150400.2.14
  • skopeo >= 0.1.41-4.11.1
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 SP4 GA skopeo-0.1.41-4.11.1
SUSE Linux Enterprise Module for Containers 15 SP4 GA buildah-1.23.1-150400.1.17
SUSE Linux Enterprise Module for Containers 15 SP4 GA podman-3.4.4-150400.2.14
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 15
  • skopeo >= 0.1.32-4.8.1
Patchnames:
SUSE-SLE-Module-Server-Applications-15-2019-2340
SUSE Linux Enterprise Module for Containers 15 SP1
  • buildah >= 1.17.0-3.6.1
  • podman >= 1.4.4-4.11.1
  • podman-cni-config >= 1.4.4-4.11.1
Patchnames:
SUSE-SLE-Module-Containers-15-SP1-2019-2341
SUSE-SLE-Module-Containers-15-SP1-2019-2346
SUSE-SLE-Module-Containers-15-SP1-2020-3423
SUSE Linux Enterprise Module for Containers 15 SP2
  • buildah >= 1.17.0-3.6.1
  • podman >= 1.8.0-4.20.1
  • podman-cni-config >= 1.8.0-4.20.1
Patchnames:
SUSE Linux Enterprise Module for Containers 15 SP2 GA buildah-1.7.1-3.3.1
SUSE Linux Enterprise Module for Containers 15 SP2 GA podman-1.8.0-4.20.1
SUSE-SLE-Module-Containers-15-SP2-2020-3423
SUSE Linux Enterprise Module for Containers 15 SP3
  • buildah >= 1.23.1-150300.8.3.1
  • podman >= 2.1.1-4.28.1
  • podman-cni-config >= 2.1.1-4.28.1
Patchnames:
SUSE Linux Enterprise Module for Containers 15 SP3 GA buildah-1.17.0-3.6.1
SUSE Linux Enterprise Module for Containers 15 SP3 GA podman-2.1.1-4.28.1
SUSE-SLE-Module-Containers-15-SP3-2022-770
SUSE Linux Enterprise Module for Containers 15 SP4
  • buildah >= 1.23.1-150400.1.17
  • podman >= 3.4.4-150400.2.14
  • podman-cni-config >= 3.4.4-150400.2.14
  • podman-docker >= 3.4.4-150400.2.14
  • podman-remote >= 3.4.4-150400.2.14
Patchnames:
SUSE Linux Enterprise Module for Containers 15 SP4 GA buildah-1.23.1-150400.1.17
SUSE Linux Enterprise Module for Containers 15 SP4 GA podman-3.4.4-150400.2.14
SUSE Linux Enterprise Module for Server Applications 15 SP1
  • skopeo >= 0.1.41-4.11.1
Patchnames:
SUSE-SLE-Module-Server-Applications-15-SP1-2019-2340
SUSE-SLE-Module-Server-Applications-15-SP1-2020-712
SUSE Linux Enterprise Module for Server Applications 15 SP2
  • skopeo >= 0.1.41-4.11.1
Patchnames:
SUSE Linux Enterprise Module for Server Applications 15 SP2 GA skopeo-0.1.41-4.11.1
openSUSE Leap 15.0
  • skopeo >= 0.1.32-lp150.8.1
Patchnames:
openSUSE-2019-2159
openSUSE Leap 15.1
  • buildah >= 1.17.0-lp151.2.6.1
  • cri-o >= 1.17.1-lp151.2.2
  • cri-o-kubeadm-criconfig >= 1.17.1-lp151.2.2
  • cri-tools >= 1.18.0-lp151.2.1
  • go1.14 >= 1.14-lp151.6.1
  • go1.14-doc >= 1.14-lp151.6.1
  • go1.14-race >= 1.14-lp151.6.1
  • kubernetes-apiserver >= 1.18.0-lp151.5.1
  • kubernetes-client >= 1.18.0-lp151.5.1
  • kubernetes-controller-manager >= 1.18.0-lp151.5.1
  • kubernetes-kubeadm >= 1.18.0-lp151.5.1
  • kubernetes-kubelet-common >= 1.18.0-lp151.5.1
  • kubernetes-kubelet1.17 >= 1.18.0-lp151.5.1
  • kubernetes-kubelet1.18 >= 1.18.0-lp151.5.1
  • kubernetes-master >= 1.18.0-lp151.5.1
  • kubernetes-node >= 1.18.0-lp151.5.1
  • kubernetes-proxy >= 1.18.0-lp151.5.1
  • kubernetes-scheduler >= 1.18.0-lp151.5.1
  • podman >= 1.4.4-lp151.3.6.1
  • podman-cni-config >= 1.4.4-lp151.3.6.1
  • skopeo >= 0.1.41-lp151.2.6.1
Patchnames:
openSUSE-2019-2137
openSUSE-2019-2138
openSUSE-2019-2143
openSUSE-2020-2106
openSUSE-2020-377
openSUSE-2020-554
openSUSE Leap 15.2
  • buildah >= 1.19.2-lp152.2.3.1
  • libcontainers-common >= 20210112-lp152.2.6.1
  • podman >= 2.2.1-lp152.4.9.1
  • podman-cni-config >= 2.2.1-lp152.4.9.1
Patchnames:
openSUSE-2021-310
openSUSE Leap 15.3
  • buildah >= 1.23.1-150300.8.3.1
Patchnames:
openSUSE-SLE-15.3-2022-770
openSUSE Tumbleweed
  • buildah >= 1.23.0-1.1
  • cri-o >= 1.22.0-1.2
  • cri-o-kubeadm-criconfig >= 1.22.0-1.2
  • podman >= 3.3.1-2.1
  • podman-cni-config >= 3.3.1-2.1
  • podman-docker >= 3.3.1-2.1
  • podman-remote >= 3.3.1-2.1
  • skopeo >= 1.2.3-1.2
  • skopeo-bash-completion >= 1.2.3-1.2
Patchnames:
openSUSE Tumbleweed GA buildah-1.23.0-1.1
openSUSE Tumbleweed GA cri-o-1.22.0-1.2
openSUSE Tumbleweed GA podman-3.3.1-2.1
openSUSE Tumbleweed GA skopeo-1.2.3-1.2


Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.

Product(s) Source package State
SUSE CaaS Platform 4.0 buildah In progress
SUSE CaaS Platform 4.0 caasp-release Released
SUSE CaaS Platform 4.0 conmon Released
SUSE CaaS Platform 4.0 cri-o Released
SUSE CaaS Platform 4.0 cri-tools Released
SUSE CaaS Platform 4.0 etcd Released
SUSE CaaS Platform 4.0 helm Released
SUSE CaaS Platform 4.0 kubernetes Released
SUSE CaaS Platform 4.0 patterns-caasp-Node-1.15-1.16 Released
SUSE CaaS Platform 4.0 patterns-caasp-Node-1.16 Released
SUSE CaaS Platform 4.0 podman Released
SUSE CaaS Platform 4.0 release-notes-caasp Released
SUSE CaaS Platform 4.0 skopeo In progress
SUSE CaaS Platform 4.0 skuba Released
SUSE Enterprise Storage 6 buildah In progress
SUSE Enterprise Storage 6 podman Released
SUSE Enterprise Storage 6 skopeo In progress
SUSE Enterprise Storage 7 buildah In progress
SUSE Linux Enterprise Desktop 15 SP1 libcontainers-common Not affected
SUSE Linux Enterprise Desktop 15 SP3 libcontainers-common Not affected
SUSE Linux Enterprise High Performance Computing 15 libcontainers-common Not affected
SUSE Linux Enterprise High Performance Computing 15 LTSS skopeo In progress
SUSE Linux Enterprise High Performance Computing 15 SP1 buildah Released
SUSE Linux Enterprise High Performance Computing 15 SP1 kubernetes Released
SUSE Linux Enterprise High Performance Computing 15 SP1 libcontainers-common Not affected
SUSE Linux Enterprise High Performance Computing 15 SP1 podman Released
SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS buildah In progress
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS buildah In progress
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS podman Released
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS skopeo In progress
SUSE Linux Enterprise High Performance Computing 15 SP2 buildah Released
SUSE Linux Enterprise High Performance Computing 15 SP2 podman Released
SUSE Linux Enterprise High Performance Computing 15 SP2 skopeo In progress
SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS buildah In progress
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS buildah In progress
SUSE Linux Enterprise High Performance Computing 15 SP3 buildah Released
SUSE Linux Enterprise High Performance Computing 15 SP3 conmon Not affected
SUSE Linux Enterprise High Performance Computing 15 SP3 libcontainers-common Not affected
SUSE Linux Enterprise High Performance Computing 15 SP3 podman Not affected
SUSE Linux Enterprise Micro 5.1 conmon Not affected
SUSE Linux Enterprise Micro 5.1 libcontainers-common Not affected
SUSE Linux Enterprise Micro 5.1 podman Not affected
SUSE Linux Enterprise Micro 5.3 conmon Not affected
SUSE Linux Enterprise Micro 5.3 libcontainers-common Not affected
SUSE Linux Enterprise Micro 5.3 podman Not affected
SUSE Linux Enterprise Module for Basesystem 15 SP1 libcontainers-common Not affected
SUSE Linux Enterprise Module for Basesystem 15 SP3 libcontainers-common Not affected
SUSE Linux Enterprise Module for Containers 15 SP1 buildah Released
SUSE Linux Enterprise Module for Containers 15 SP1 kubernetes Released
SUSE Linux Enterprise Module for Containers 15 SP1 podman Released
SUSE Linux Enterprise Module for Containers 15 SP2 buildah Released
SUSE Linux Enterprise Module for Containers 15 SP2 podman Released
SUSE Linux Enterprise Module for Containers 15 SP3 buildah Released
SUSE Linux Enterprise Module for Containers 15 SP3 conmon Not affected
SUSE Linux Enterprise Module for Containers 15 SP3 podman Not affected
SUSE Linux Enterprise Module for Server Applications 15 libcontainers-common Not affected
SUSE Linux Enterprise Module for Server Applications 15 SP2 skopeo In progress
SUSE Linux Enterprise Server 15 libcontainers-common Not affected
SUSE Linux Enterprise Server 15 ESPOS skopeo In progress
SUSE Linux Enterprise Server 15 LTSS skopeo In progress
SUSE Linux Enterprise Server 15 SP1 buildah Released
SUSE Linux Enterprise Server 15 SP1 kubernetes Released
SUSE Linux Enterprise Server 15 SP1 libcontainers-common Not affected
SUSE Linux Enterprise Server 15 SP1 podman Released
SUSE Linux Enterprise Server 15 SP1 LTSS buildah In progress
SUSE Linux Enterprise Server 15 SP1 LTSS podman Released
SUSE Linux Enterprise Server 15 SP1 LTSS skopeo In progress
SUSE Linux Enterprise Server 15 SP2 buildah Released
SUSE Linux Enterprise Server 15 SP2 podman Released
SUSE Linux Enterprise Server 15 SP2 skopeo In progress
SUSE Linux Enterprise Server 15 SP2 LTSS buildah In progress
SUSE Linux Enterprise Server 15 SP3 buildah Released
SUSE Linux Enterprise Server 15 SP3 conmon Not affected
SUSE Linux Enterprise Server 15 SP3 libcontainers-common Not affected
SUSE Linux Enterprise Server 15 SP3 podman Not affected
SUSE Linux Enterprise Server Business Critical Linux 15 SP1 buildah In progress
SUSE Linux Enterprise Server Business Critical Linux 15 SP1 podman Released
SUSE Linux Enterprise Server Business Critical Linux 15 SP1 skopeo In progress
SUSE Linux Enterprise Server Business Critical Linux 15 SP2 buildah In progress
SUSE Linux Enterprise Server for SAP Applications 15 libcontainers-common Not affected
SUSE Linux Enterprise Server for SAP Applications 15 skopeo In progress
SUSE Linux Enterprise Server for SAP Applications 15 SP1 buildah Released
SUSE Linux Enterprise Server for SAP Applications 15 SP1 kubernetes Released
SUSE Linux Enterprise Server for SAP Applications 15 SP1 libcontainers-common Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP1 podman Released
SUSE Linux Enterprise Server for SAP Applications 15 SP1 skopeo In progress
SUSE Linux Enterprise Server for SAP Applications 15 SP2 buildah Released
SUSE Linux Enterprise Server for SAP Applications 15 SP2 podman Released
SUSE Linux Enterprise Server for SAP Applications 15 SP2 skopeo In progress
SUSE Linux Enterprise Server for SAP Applications 15 SP3 buildah Released
SUSE Linux Enterprise Server for SAP Applications 15 SP3 conmon Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP3 libcontainers-common Not affected
SUSE Linux Enterprise Server for SAP Applications 15 SP3 podman Not affected
SUSE Linux Enterprise Storage 6 buildah Released
SUSE Linux Enterprise Storage 6 kubernetes Released
SUSE Linux Enterprise Storage 6 libcontainers-common Not affected
SUSE Linux Enterprise Storage 6 podman Released
SUSE Linux Enterprise Storage 7 buildah Released
SUSE Linux Enterprise Storage 7 podman Released
SUSE Linux Enterprise Storage 7 skopeo In progress
SUSE Linux Enterprise Storage 7.1 buildah Released
SUSE Linux Enterprise Storage 7.1 conmon Not affected
SUSE Linux Enterprise Storage 7.1 libcontainers-common Not affected
SUSE Linux Enterprise Storage 7.1 podman Not affected
SUSE Manager Proxy 4.0 buildah Released
SUSE Manager Proxy 4.0 kubernetes Released
SUSE Manager Proxy 4.0 libcontainers-common Not affected
SUSE Manager Proxy 4.0 podman Released
SUSE Manager Proxy 4.0 skopeo In progress
SUSE Manager Proxy 4.1 buildah Released
SUSE Manager Proxy 4.1 podman Released
SUSE Manager Proxy 4.1 skopeo In progress
SUSE Manager Proxy 4.2 buildah Released
SUSE Manager Proxy 4.2 conmon Not affected
SUSE Manager Proxy 4.2 libcontainers-common Not affected
SUSE Manager Proxy 4.2 podman Not affected
SUSE Manager Retail Branch Server 4.0 buildah Released
SUSE Manager Retail Branch Server 4.0 kubernetes Released
SUSE Manager Retail Branch Server 4.0 libcontainers-common Not affected
SUSE Manager Retail Branch Server 4.0 podman Released
SUSE Manager Retail Branch Server 4.0 skopeo In progress
SUSE Manager Retail Branch Server 4.1 buildah Released
SUSE Manager Retail Branch Server 4.1 podman Released
SUSE Manager Retail Branch Server 4.1 skopeo In progress
SUSE Manager Retail Branch Server 4.2 buildah Released
SUSE Manager Retail Branch Server 4.2 conmon Not affected
SUSE Manager Retail Branch Server 4.2 libcontainers-common Not affected
SUSE Manager Retail Branch Server 4.2 podman Not affected
SUSE Manager Server 4.0 buildah Released
SUSE Manager Server 4.0 kubernetes Released
SUSE Manager Server 4.0 libcontainers-common Not affected
SUSE Manager Server 4.0 podman Released
SUSE Manager Server 4.0 skopeo In progress
SUSE Manager Server 4.1 buildah Released
SUSE Manager Server 4.1 podman Released
SUSE Manager Server 4.1 skopeo In progress
SUSE Manager Server 4.2 buildah Released
SUSE Manager Server 4.2 conmon Not affected
SUSE Manager Server 4.2 libcontainers-common Not affected
SUSE Manager Server 4.2 podman Not affected
suse/sles/15.3/cdi-importer:1.37.1
suse/sles/15.4/cdi-importer:1.43.0
libcontainers-commonNot affected
suse/sles/15.3/cdi-importer:1.37.1
suse/sles/15.4/cdi-importer:1.43.0
skopeoReleased


SUSE Timeline for this CVE

CVE page created: Fri Aug 2 18:12:25 2019
CVE page last modified: Fri Oct 7 16:48:19 2022