Sensitive Information Exposure in IBM Concert During Docker Builds
CVE-2025-36154
6.2MEDIUM
What is CVE-2025-36154?
IBM Concert versions 1.0.0 to 2.1.0 have a vulnerability that allows sensitive data to be stored in cleartext during recursive Docker builds. This information can be accessed by local users, posing a significant risk to data integrity and confidentiality. Organizations using affected versions should prioritize applying patches and reviewing their Docker build processes to mitigate potential exposure of sensitive information.
Affected Version(s)
Concert 1.0.0 <= 2.1.0
References
CVSS V3.1
Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved