github.com/docker/cli is vulnerable to information disclosure. The vulnerability exists due to a misconfigured configuration file which when listing a credsStore
or credHelpers
that could not be executed would list credentials being sent to registry-1.docker.io
rather than the intended private registry.
cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
lists.fedoraproject.org/archives/list/[email protected]/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
lists.fedoraproject.org/archives/list/[email protected]/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/