CVE-2025-36154
Unknown
Unknown - Not Provided
Cleartext Data Exposure in IBM Concert Docker Builds
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: IBM Corporation
Description
Description
IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | concert | 1.0.0 |
| ibm | concert | 2.1.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-313 | The product stores sensitive information in cleartext in a file, or on disk. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Concert versions 1.0.0 through 2.1.0 involves the storage of sensitive information in cleartext during recursive Docker builds. This means that sensitive data is not encrypted or protected and could be accessed by a local user on the system.
How can this vulnerability impact me? :
The vulnerability could allow a local user to obtain sensitive information stored in cleartext during Docker builds. This exposure could lead to unauthorized access to confidential data, potentially compromising security and privacy.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70