Published: 08/10/2019 Updated: 12/02/2023

CVSS v2 Base Score: 2.9 | Impact Score: 2.9 | Exploitability Score: 5.5

CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6

VMScore: 258

Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat openshift

Synopsis Moderate: OpenShift Container Platform 4128 openshift-enterprise-builder-container security update Type/Severity Security Advisory: Moderate Topic An update for the openshift-enterprise-builder container is now available for Red Hat OpenShift Container Platform 41Red Hat Product Security has ra ...

Synopsis Moderate: OpenShift Container Platform 42 openshift-enterprise-builder-container security update Type/Severity Security Advisory: Moderate Topic An update for openshift-enterprise-builder-container is now available for Red Hat OpenShift Container Platform 42Red Hat Product Security has rated thi ...

CWE-494 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845 https://access.redhat.com/errata/RHSA-2019:4101 https://access.redhat.com/errata/RHSA-2019:4237 https://access.redhat.com/errata/RHSA-2019:4237 https://nvd.nist.gov

CVE-2019-14845

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect