CVE-2019-10150 MEDIUM

CVE-2019-10150

Vendor Redhat
Product atomic-openshift
Weakness CWE-287 · Improper authentication
Published June 12, 2019
Last update August 4, 2024

CVSS base score

5.9/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.

Key dates

02Disclosure timeline

June 12, 2019 CVE published
August 4, 2024 Record updated