VDB
PYSEC-2014-80
PYSEC-2014-80
PUBLISHED
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | docker-py | 0.2.2, 0, 0.0.4 |
Timeline
- Nov 17, 2014 CVE Published
- Aug 21, 2024 CVE Updated