Published: 12/06/2019 Updated: 12/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Openshift Container Platform

It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat openshift container platform

Synopsis Moderate: OpenShift Container Platform 310 atomic-openshift kube-apiserver security update Type/Severity Security Advisory: Moderate Topic An update for atomic-openshift kube-apiserver is now available for Red Hat OpenShift Container Platform 310Red Hat Product Security has rated this update as ...

Synopsis Moderate: OpenShift Container Platform 311 atomic-openshift security update Type/Severity Security Advisory: Moderate Topic An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 311Red Hat Product Security has rated this update as having a security impact of Mo ...

Synopsis Moderate: OpenShift Container Platform 4120 openshift-enterprise-builder-container security update Type/Severity Security Advisory: Moderate Topic An update for openshift-enterprise-builder-container is now available for Red Hat OpenShift Container Platform 41Red Hat Product Security has rated ...

Synopsis Important: OpenShift Container Platform 39 atomic-openshift security update Type/Severity Security Advisory: Important Topic An update for atomic-openshift is now available for Red Hat OpenShiftContainer Platform 39Red Hat Product Security has rated this update as having a security impact of Imp ...

CWE-287 https://docs.openshift.com/container-platform/3.11/dev_guide/builds/build_inputs.html#source-secrets-ssh-key-authentication https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10150 https://access.redhat.com/errata/RHSA-2019:2989 https://access.redhat.com/errata/RHSA-2019:3007 https://access.redhat.com/errata/RHSA-2019:3143 https://access.redhat.com/errata/RHSA-2019:3811 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2019:2989

CVE-2019-10150

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect