Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 816321 (CVE-2021-41092) - <app-containers/docker-cli-20.10.9: May send credentials to non-chosen registry (CVE-2021-41092)
Summary: <app-containers/docker-cli-20.10.9: May send credentials to non-chosen regist...
Alias: CVE-2021-41092
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa?]
Depends on: 816468
  Show dependency tree
Reported: 2021-10-05 04:00 UTC by Sam James
Modified: 2022-01-01 10:29 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-05 04:00:23 UTC
CVE-2021-41092 (

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-06 15:49:56 UTC
Please cleanup
Comment 2 Larry the Git Cow gentoo-dev 2021-10-06 16:49:50 UTC
The bug has been referenced in the following commit(s):

commit 119eddeda445019d4203d3f3e687290c36cc3245
Author:     William Hubbs <>
AuthorDate: 2021-10-06 16:49:17 +0000
Commit:     William Hubbs <>
CommitDate: 2021-10-06 16:49:44 +0000

    app-emulation/docker-cli: remove old
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: William Hubbs <>

 app-emulation/docker-cli/Manifest                  |  2 -
 app-emulation/docker-cli/docker-cli-20.10.7.ebuild | 64 ---------------------
 app-emulation/docker-cli/docker-cli-20.10.8.ebuild | 66 ----------------------
 3 files changed, 132 deletions(-)