0.001 Low
EPSS
Percentile
39.7%
cri-o is vulnerable to information disclosure. The vulnerability exists as it does not enforce TLS when sending username+password credentials to token servers leading to credential disclosure.
lists.opensuse.org/opensuse-security-announce/2020-03/msg00035.html
lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
access.redhat.com/errata/RHSA-2019:2817
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214