Severity by source
CVSS 3.1 vector (Vendor: BLSOPS): CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
MITM network position required (AC:H); attacker needs no credentials (PR:N); impact is solely auth token exfiltration with no integrity or availability consequence.
Primary rating from Vendor (BLSOPS).
Description (source: CVE.org)
The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens.
Analysis (AI-generated)
Authentication token leakage in Black Lantern Security's bbot docker_pull module exposes Docker credentials to MITM attackers who can substitute the realm parameter in a forged WWW-Authenticate Bearer challenge. When bbot contacts a Docker registry and receives a 401 response, the vulnerable module blindly trusts the attacker-supplied realm URL and forwards authentication material to an arbitrary endpoint outside the legitimate registry domain. …
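One way to close the trust gap described above, shown as an added illustration and not bbot's own code or the fix in the referenced commit: parse the Bearer challenge and only build the token request when the realm is an https URL whose host is on an allowlist (by default the registry's own host). The sample challenges, the example.test hostnames and the allowlist policy are constructed for this example.

```python
import re
from typing import Optional, Set
from urllib.parse import urlencode, urlparse

# Quoted key="value" pairs of a Bearer challenge (simplified RFC 6750 parsing).
_PARAM_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_bearer_challenge(header: str) -> dict:
    """Split 'Bearer realm="...",service="...",scope="..."' into its parameters."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError(f"unsupported auth scheme: {scheme!r}")
    return dict(_PARAM_RE.findall(params))


def realm_is_trusted(realm: str, allowed_hosts: Set[str]) -> bool:
    """Example policy: realm must be https and its host must be allowlisted.
    This rejects plain-http realms, raw IP hosts such as link-local metadata
    endpoints, and any host the caller did not explicitly trust."""
    parsed = urlparse(realm)
    host = (parsed.hostname or "").lower()
    return parsed.scheme == "https" and host in {h.lower() for h in allowed_hosts}


def token_endpoint(header: str, registry_host: str,
                   allowed_hosts: Optional[Set[str]] = None) -> str:
    """Return the token URL to request, or raise if the realm is untrusted.
    Only the registry's own host is trusted by default; a registry whose auth
    service runs on a different host must have it added to allowed_hosts."""
    params = parse_bearer_challenge(header)
    realm = params.get("realm")
    if not realm:
        raise ValueError("challenge carries no realm")
    if not realm_is_trusted(realm, allowed_hosts or {registry_host}):
        raise ValueError(f"refusing to send credentials to untrusted realm {realm!r}")
    query = {k: params[k] for k in ("service", "scope") if k in params}
    return realm + ("?" + urlencode(query) if query else "")


# Constructed sample challenges (not captured traffic).
GOOD_CHALLENGE = ('Bearer realm="https://registry.example.test/token",'
                  'service="registry.example.test",scope="repository:library/busybox:pull"')
FORGED_CHALLENGE = ('Bearer realm="http://169.254.169.254/latest/meta-data",'
                    'service="registry.example.test",scope="repository:library/busybox:pull"')

if __name__ == "__main__":
    print(token_endpoint(GOOD_CHALLENGE, "registry.example.test"))
    try:
        token_endpoint(FORGED_CHALLENGE, "registry.example.test")
    except ValueError as exc:
        print("rejected:", exc)
```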
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires a man-in-the-middle network position between the bbot host and the target Docker registry sufficient to intercept and modify HTTP/S responses - achievable via ARP spoofing, rogue DNS, a compromised proxy, or (if TLS is not enforced end-to-end) a rogue CA in the system trust store. … |
| Risk Assessment | The CVSS 3.1 base score of 3.1 (Low) is consistent with the actual attack prerequisites: AV:N and AC:H together reflect that network access is required but a genuine MITM position must be established - a non-trivial bar that significantly narrows the realistic attacker population. … |
| Exploit Scenario | An attacker with a MITM position achieved via ARP spoofing on a shared CI/CD runner network or DNS poisoning intercepts bbot's connection to a Docker registry and replaces the legitimate WWW-Authenticate realm value with a URL pointing to an attacker-controlled server or a cloud metadata endpoint (e.g., http://169.254.169.254/latest/meta-data). bbot then sends its Docker Bearer token request - including the service and scope parameters - to the attacker's endpoint, which captures the authentication material. … |
| Remediation | Update bbot to the latest available release and verify it includes commit c2f4bc0f4 or later (https://github.com/blacklanternsecurity/bbot/commit/c2f4bc0f4). … |
References: EUVD-2026-37814; GHSA-3mp7-vp6j-2mxx