CVE-2021-41092 - log

CVE-2021-41092 edited at 05 Oct 2021 08:16:36
Severity
- Medium
+ Low
Remote
- Remote
+ Local
Description
- A security issue has been found in Docker before version 20.10.9 where credentials could be disclosed to the default registry by accident.
+ A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to registry-1.docker.io rather than the intended private registry.
+
+ This bug has been fixed in Docker CLI 20.10.9. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.
References
- https://github.com/moby/moby/releases/tag/v20.10.9
+ https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
+ https://github.com/docker/cli/commit/42d1c02750b3631402da3973e5f36b76c8c934f4
CVE-2021-41092 edited at 04 Oct 2021 21:36:55
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue has been found in Docker before version 20.10.9 where credentials could be disclosed to the default registry by accident.
References
+ https://github.com/moby/moby/releases/tag/v20.10.9
CVE-2021-41092 created at 04 Oct 2021 21:30:34
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
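
Added example (not part of the tracker entry or of Docker's code): a check for the workaround given in the 05 Oct 2021 description, listing credsStore and credHelpers entries whose helper binary is missing or not executable on PATH. It assumes the docker-credential-<name> naming convention for helper binaries; the function names and the sample configuration are constructed for illustration.

```python
import json
import os
import shutil
import tempfile


def missing_credential_helpers(config_path, search_path=None):
    """Return sorted (setting, helper binary) pairs from a Docker CLI config
    whose credential helper cannot be found as an executable on PATH."""
    with open(config_path, encoding="utf-8") as fh:
        config = json.load(fh)
    wanted = []
    if config.get("credsStore"):
        wanted.append(("credsStore", config["credsStore"]))
    for registry, name in (config.get("credHelpers") or {}).items():
        wanted.append((f"credHelpers[{registry}]", name))
    missing = []
    for setting, name in wanted:
        binary = f"docker-credential-{name}"  # assumed helper naming convention
        # shutil.which only returns files that exist and are executable
        if shutil.which(binary, path=search_path) is None:
            missing.append((setting, binary))
    return sorted(missing)


def demo_constructed_config():
    """Constructed sample: one helper installed, one referenced but absent."""
    with tempfile.TemporaryDirectory() as tmp:
        bindir = os.path.join(tmp, "bin")
        os.mkdir(bindir)
        helper = os.path.join(bindir, "docker-credential-present")
        with open(helper, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(helper, 0o755)
        cfg = os.path.join(tmp, "config.json")
        sample = {"credsStore": "absent",
                  "credHelpers": {"my-private-registry.example.com": "present"}}
        with open(cfg, "w") as fh:
            json.dump(sample, fh)
        return missing_credential_helpers(cfg, search_path=bindir)


if __name__ == "__main__":
    default = os.path.expanduser("~/.docker/config.json")
    if os.path.exists(default):
        for setting, binary in missing_credential_helpers(default):
            print(f"{setting}: {binary} not found or not executable on PATH")
```

An empty result means every configured helper resolves; any reported entry should be fixed or removed before running docker login on a CLI older than 20.10.9.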