CVE-2019-10150

medium

Description

It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.

References

Advisories
More

https://access.redhat.com/errata/RHSA-2019:3811

https://access.redhat.com/errata/RHSA-2019:3143

https://access.redhat.com/errata/RHSA-2019:3007

https://access.redhat.com/errata/RHSA-2019:2989

https://docs.openshift.com/container-platform/3.11/dev_guide/builds/build_inputs.html#source-secrets-ssh-key-authentication

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10150

Details

Source: Mitre, NVD

Published: 2019-06-12

Updated: 2023-02-12

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00316