CNNVD-202601-2997 Information
CNNVD ID
CNNVD-202601-2997
Related CVE
- CNNVD Published: 2026-01-19
Description (Chinese)
Tugtainer是Eugene Savin个人开发者的一个具有web UI的自动化Docker容器更新应用程序。 Tugtainer 1.16.1之前版本存在安全漏洞,该漏洞源于密码身份验证机制通过URL查询参数传输密码,可能导致密码被记录在服务器访问日志、浏览器历史记录、Referer标头和代理日志中。
Description (English)
Tugtainer is an automated Docker container update application with web UI for Eugene Savin personal developer. There is a security loophole in the pre-Tugtainer version of 1.16.1 which stems from the password authentication mechanism that transmits the password through URL query parameters, which may result in the password being recorded in server access logs, browser history records, Referer logs and proxy logs.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/Quenary/tugtainer/commit/9d23bf40ac1d39005582abfcf0a84753a4e29d52 https://github.com/Quenary/tugtainer/security/advisories/GHSA-f2qf-f544-xm4p https://access.redhat.com/security/cve/cve-2026-23846
Patch
https://github.com/Quenary/tugtainer/releases
Share on: