The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, allowing an attacker that is able to MITM the connection to steal credentials.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/containers/image | lt | 2.0.2-0.20190802080134-634605d06e73+incompatible |