CVE-2019-10150
atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.
Se encontró que OpenShift Container Platform versiones 3.6.x hasta 4.6.0, no realizan la comprobación de clave del host SSH cuando es usada la autenticación de la clave ssh durante las compilaciones. Un atacante, con la capacidad de redireccionar el tráfico de la red, podría usar esto para alterar la salida de compilación resultante.
It was found that OpenShift Container Platform does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-27 CVE Reserved
- 2019-06-12 CVE Published
- 2024-06-05 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (8)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | >= 3.6 <= 4.1 Search vendor "Redhat" for product "Openshift Container Platform" and version " >= 3.6 <= 4.1" | - |
Affected
|