Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE Advisory 2025:02289-2 on Docker Credential Leakage & DOM Risks

suse
Calendar Grey July 16, 2025
Dist Suse Esm H88
SUSE has published a security advisory announcing a moderate update for Docker that resolves concerns related to credential exposure and issues within the Document Object Model (DOM).
* bsc#1239765 * bsc#1240150 * bsc#1241830 * bsc#1242114 * bsc#1243833

Summary

## This update for docker fixes the following issues: Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114): * CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765) * CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830). Other fixes: * Update to docker-buildx v0.22.0. * Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035). * Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534) * Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. (jsc#PED-8905)

Topics%20covered

Topics Covered

security advisory moderate SuSE docker credential leakage dom construction

References

* bsc#1239765

* bsc#1240150

* bsc#1241830

* bsc#1242114

* bsc#1243833

* bsc#1244035

* jsc#PED-12534

* jsc#PED-8905

Cross-

* CVE-2025-0495

* CVE-2025-22872

CVSS scores:

* CVE-2025-0495 ( SUSE ): 4.1

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

* CVE-2025-0495 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

* CVE-2025-0495 ( NVD ): 4.1

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-22872 ( SUSE ): 6.3

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Announcement ID: SUSE-SU-2025:02289-2
Release Date: 2025-07-16T15:48:13Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate SuSE docker credential leakage dom construction

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here