CVE-2019-10150
MEDIUM
OpenShift Container Platform <4.6.0 - Open Redirect
Title source: llm
Description
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 do not perform SSH host key checking when using SSH key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.
References (6)
Core References
Vendor Advisory (x_refsource_misc): https://docs.openshift.com/container-platform/3.11/dev_guide/builds/build_inputs.html#source-secrets-ssh-key-authentication
Issue Tracking, Vendor Advisory (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10150
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:2989
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:3007
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:3143
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:3811
Scores
CVSS v3: 5.9
EPSS: 0.0029
EPSS Percentile: 52.2%
Attack Vector: ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
Details
CWE: CWE-287
Status: published
Products (1)
redhat/openshift_container_platform: 3.6 - 4.1
Published: Jun 12, 2019
Tracked Since: Feb 18, 2026