CVE-2019-10150

Summary

It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.

Affected Software

VendorProductVersion RangeStatus
redhatatomic-openshift3.6.x - 4.0.0affected

Weaknesses

  • CWE-287: CWE-287

ADP Enrichment

CVE Program Container

Additional References

References