BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing
Low severity
GitHub Reviewed
Published
Jun 17, 2026
in
blacklanternsecurity/bbot
•
Updated Jun 18, 2026
Description
Published by the National Vulnerability Database
Jun 17, 2026
Published to the GitHub Advisory Database
Jun 18, 2026
Reviewed
Jun 18, 2026
Last updated
Jun 18, 2026
The
docker_pullmodule uses therealmparameter from a Docker registry'sWWW-Authenticateresponse header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens.References