SSH Host Key Vulnerability in OpenShift Container Platform by Red Hat
CVE-2019-10150

5.9MEDIUM

Key Information:

Vendor

Red Hat
Status
Atomic-openshift
Vendor
CVE Published:
12 June 2019

What is CVE-2019-10150?

OpenShift Container Platform versions ranging from 3.6.x to 4.6.0 have a security misconfiguration that fails to validate SSH host keys when utilizing SSH key authentication during the build process. This oversight enables an attacker capable of redirecting network traffic to manipulate the build output, potentially leading to unauthorized access or alterations in the software being developed. It is crucial for users to implement necessary safeguards and updates to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

atomic-openshift 3.6.x - 4.0.0

References

https://docs.openshift.com/container-platform/3.11/dev_gu...
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10150
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:2989
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.