bbot docker_pull module vulnerable to authentication token leakage via realm parameter
What changed
The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation, allowing an attacker in a man-in-the-middle position to redirect authentication requests to an arbitrary endpoint and potentially leak authentication tokens.
Who it affects
Users of bbot who use the docker_pull module and are exposed to untrusted Docker registries or network paths where man-in-the-middle attacks are possible.
What to do today
Update bbot to a patched version if available, or avoid using the docker_pull module with untrusted registries until a fix is applied.
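The missing validation described under "What changed" can be sketched as follows. This is an added example, not bbot's code or its fix; the function names, the allowlist contents, and the sample headers are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed policy (not bbot's): token hosts trusted for each registry host.
TRUSTED_TOKEN_HOSTS = {
    "registry-1.docker.io": {"auth.docker.io"},
    "ghcr.io": {"ghcr.io"},
}
_PARAM = re.compile(r'(\w+)="([^"]*)"')

def parse_bearer_challenge(header):
    """Return the key="value" parameters of a Bearer WWW-Authenticate header."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return {}
    return {k.lower(): v for k, v in _PARAM.findall(rest)}

def safe_token_url(registry_url, www_authenticate, trusted=TRUSTED_TOKEN_HOSTS):
    """Return the realm URL only if it is https, carries no userinfo, and is
    on a host trusted for this registry; otherwise None (send no credentials)."""
    realm = parse_bearer_challenge(www_authenticate).get("realm")
    if not realm:
        return None
    try:
        reg_host = (urlsplit(registry_url).hostname or "").lower()
        parts = urlsplit(realm)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    if parts.scheme != "https" or parts.username or parts.password:
        return None
    allowed = trusted.get(reg_host, {reg_host})  # unknown registry: same host only
    return realm if host and host in allowed else None

# Constructed sample challenges; collector.example.net is a placeholder host.
SAMPLES = [
    'Bearer realm="https://auth.docker.io/token",service="registry.docker.io"',
    'Bearer realm="https://collector.example.net/token",service="registry.docker.io"',
    'Bearer realm="http://auth.docker.io/token",service="registry.docker.io"',
    'Bearer realm="https://auth.docker.io@collector.example.net/token"',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(safe_token_url("https://registry-1.docker.io", header), "<-", header)
```

Only the first sample yields a URL; the other three return None, so a caller following this check would never send credentials to them.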