CVE-2014-5277

Affected configuration(s):

cpe:/a:docker:docker:1.3.0
cpe:/a:docker:docker-py:0.5.3

Date published: 2014-11-17T11:59:01.480-05:00

Date last modified: 2014-11-18T22:02:26.037-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://lists.opensuse.org/opensuse-updates/2014-11/msg00048.html

Summary: Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
