It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.
References
Configurations
History
12 Feb 2023, 23:33
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output. |
02 Feb 2023, 21:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was found that OpenShift Container Platform does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output. |
Information
Published : 2019-06-12 14:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-10150
Mitre link : CVE-2019-10150
CVE.ORG link : CVE-2019-10150
JSON object : View
Products Affected
redhat
- openshift_container_platform
CWE
CWE-287
Improper Authentication