Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix github.com/docker/cli CVE-2021-41092 #144

Merged
merged 1 commit into from
Nov 19, 2021
Merged

Fix github.com/docker/cli CVE-2021-41092 #144

merged 1 commit into from
Nov 19, 2021

Conversation

jauderho
Copy link
Contributor

This was flagged by Trivy while scanning my image for dry. See https://avd.aquasec.com/nvd/cve-2021-41092/

From Trivy:

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to registry-1.docker.io rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.

Signed-off-by: Jauder Ho [email protected]

@moncho moncho merged commit c10d29a into moncho:master Nov 19, 2021
@jauderho jauderho deleted the fix-CVE-2021-41092 branch November 19, 2021 09:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jauderho @moncho