Vulnerability Description
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Container Platform | >= 3.6, <= 4.1 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:2989
- https://access.redhat.com/errata/RHSA-2019:3007
- https://access.redhat.com/errata/RHSA-2019:3143
- https://access.redhat.com/errata/RHSA-2019:3811
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10150Issue TrackingVendor Advisory
- https://docs.openshift.com/container-platform/3.11/dev_guide/builds/build_inputsVendor Advisory
- https://access.redhat.com/errata/RHSA-2019:2989
- https://access.redhat.com/errata/RHSA-2019:3007
- https://access.redhat.com/errata/RHSA-2019:3143
- https://access.redhat.com/errata/RHSA-2019:3811
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10150Issue TrackingVendor Advisory
- https://docs.openshift.com/container-platform/3.11/dev_guide/builds/build_inputsVendor Advisory
FAQ
What is CVE-2019-10150?
CVE-2019-10150 is a vulnerability with a CVSS score of 5.9 (MEDIUM). It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect ...
How severe is CVE-2019-10150?
CVE-2019-10150 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10150?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Container Platform.