Sensitive Information Exposure in IBM Concert During Docker Builds
CVE-2025-36154
6.2MEDIUM
What is CVE-2025-36154?
IBM Concert versions 1.0.0 to 2.1.0 have a vulnerability that allows sensitive data to be stored in cleartext during recursive Docker builds. This information can be accessed by local users, posing a significant risk to data integrity and confidentiality. Organizations using affected versions should prioritize applying patches and reviewing their Docker build processes to mitigate potential exposure of sensitive information.
Affected Version(s)
Concert 1.0.0 <= 2.1.0