Description
Your Docker Hub credentials may have been sent to a third-party registry if:
- you have your Docker Hub credentials stored locally
- the Docker image you are using is not stored on Docker Hub (e.g. it’s on a private or third-party registry)
- you are using the image directly (with image) and not as the base image for an image being built (in a Dockerfile within build_directory)
- the image you are using had not already been pulled and batect pulled it for you, and
- the image is specified in the format registry/image_name in your batect configuration file (other formats such as registry/repo/image_name are not affected)
Impact
If all of the criteria above are fulfilled, your Docker Hub credentials have been sent to the third-party registry.
To be clear, credentials for private registries have not been exposed, only those for Docker Hub.
Affected versions
Version 0.18.0 is the first affected version, and the issue is fixed in version 0.35.1.
How to check for exposure
You can check if your Docker Hub credentials are stored locally by running docker logout:
If Docker responds with Removing login credentials for https://index.docker.io/v1/, then your credentials were stored locally and may have been exposed.
If Docker responds with Not logged in to https://index.docker.io/v1/, then your credentials were not stored locally and were not exposed.
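The criteria above that can be read from files, as an added example (not batect's own code): it checks the batect version range, looks for a Docker Hub entry in the Docker client configuration without logging out, and lists image references in the registry/image_name format. It assumes a Docker Hub login appears under the auths key of the Docker config file, applies Docker's usual rule for recognising a registry host, and does not check whether the image had already been pulled; the function names and sample data are constructed for illustration.

```python
import json
import re

HUB_KEY = "https://index.docker.io/v1/"  # the key docker logout reports
FIRST_AFFECTED, FIXED = (0, 18, 0), (0, 35, 1)  # versions from the advisory

def version_affected(version):
    v = tuple(int(p) for p in version.split("."))
    return FIRST_AFFECTED <= v < FIXED

def is_registry_image_format(ref):
    """True for registry/image_name, False for any other shape."""
    name = ref.split("@", 1)[0]  # drop a digest, if present
    parts = name.split("/")
    if len(parts) != 2:
        return False  # bare names and registry/repo/image_name
    host = parts[0]
    # Docker's rule: the first component is a registry host only if it has
    # "." or ":" or is "localhost"; otherwise it is a Docker Hub namespace.
    return "." in host or ":" in host or host == "localhost"

def images_in_config(text):
    """Line scan for image: values (assumption: not a full YAML parser)."""
    pattern = r"^[ \t]*image:[ \t]*(\S+)"
    return [m.group(1).strip("'\"") for m in re.finditer(pattern, text, re.M)]

def hub_login_stored(docker_config_json):
    # Assumption: a stored login shows up as an entry under "auths".
    return HUB_KEY in json.loads(docker_config_json).get("auths", {})

def audit(version, batect_yaml, docker_config_json):
    """Images that may have received Docker Hub credentials."""
    if not (version_affected(version) and hub_login_stored(docker_config_json)):
        return []
    return [i for i in images_in_config(batect_yaml) if is_registry_image_format(i)]

# Constructed sample input, not taken from a real project.
SAMPLE_YAML = """\
containers:
  db:
    image: postgres:12
  build-env:
    image: registry.example.com/build-env:1.4
  tools:
    image: registry.example.com/team/tools
"""
SAMPLE_DOCKER_CONFIG = '{"auths": {"https://index.docker.io/v1/": {"auth": "<redacted>"}}}'

if __name__ == "__main__":
    print(audit("0.30.0", SAMPLE_YAML, SAMPLE_DOCKER_CONFIG))
```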
Remedy
The issue is fixed in batect version 0.35.1. Teams can update to the latest version by running ./batect --upgrade. It is highly recommended that anyone affected by this reset their Docker Hub password.