{"containers": {"cna": {"affected": [{"product": "atomic-openshift", "vendor": "redhat", "versions": [{"status": "affected", "version": "3.6.x - 4.0.0"}]}], "descriptions": [{"lang": "en", "value": "It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-11-07T18:06:33", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.openshift.com/container-platform/3.11/dev_guide/builds/build_inputs.html#source-secrets-ssh-key-authentication"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10150"}, {"name": "RHSA-2019:2989", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2989"}, {"name": "RHSA-2019:3007", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3007"}, {"name": "RHSA-2019:3143", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3143"}, {"name": "RHSA-2019:3811", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3811"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:10:10.023Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.openshift.com/container-platform/3.11/dev_guide/builds/build_inputs.html#source-secrets-ssh-key-authentication"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10150"}, {"name": "RHSA-2019:2989", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2989"}, {"name": "RHSA-2019:3007", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3007"}, {"name": "RHSA-2019:3143", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3143"}, {"name": "RHSA-2019:3811", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3811"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-10150", "datePublished": "2019-06-12T13:42:36", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2024-08-04T22:10:10.023Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "27000370-7167-4F83-9DD6-1B9E78451D45", "versionEndIncluding": "4.1", "versionStartIncluding": "3.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output."}, {"lang": "es", "value": "Se encontr\u00f3 que OpenShift Container Platform versiones 3.6.x hasta 4.6.0, no realizan la comprobaci\u00f3n de clave del host SSH cuando es usada la autenticaci\u00f3n de la clave ssh durante las compilaciones. Un atacante, con la capacidad de redireccionar el tr\u00e1fico de la red, podr\u00eda usar esto para alterar la salida de compilaci\u00f3n resultante."}], "id": "CVE-2019-10150", "lastModified": "2023-02-12T23:33:10.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 4.7, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2019-06-12T14:29:02.867", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:2989"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:3007"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:3143"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:3811"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10150"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://docs.openshift.com/container-platform/3.11/dev_guide/builds/build_inputs.html#source-secrets-ssh-key-authentication"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank @l14n_uk for reporting this issue.", "affected_release": [{"advisory": "RHSA-2019:2989", "cpe": "cpe:/a:redhat:openshift:3.10::el7", "package": "atomic-openshift-0:3.10.175-1.git.0.f9f0e81.el7", "product_name": "Red Hat OpenShift Container Platform 3.10", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:2989", "cpe": "cpe:/a:redhat:openshift:3.10::el7", "package": "cri-o-0:1.10.6-2.rhaos3.10.git56d7d9a.el7", "product_name": "Red Hat OpenShift Container Platform 3.10", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:3143", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-0:3.11.153-1.git.0.aaf3f71.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-10-18T00:00:00Z"}, {"advisory": "RHSA-2019:3811", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "atomic-openshift-0:3.9.102-1.git.0.6411f52.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2019-11-07T00:00:00Z"}, {"advisory": "RHSA-2019:3007", "cpe": "cpe:/a:redhat:openshift:4.1::el7", "package": "openshift4/ose-docker-builder:v4.1.20-201910102034", "product_name": "Red Hat OpenShift Container Platform 4.1", "release_date": "2019-10-16T00:00:00Z"}], "bugzilla": {"description": "atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository", "id": "1713433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713433"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "status": "verified"}, "cwe": "CWE-287", "details": ["It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.", "It was found that OpenShift Container Platform does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output."], "mitigation": {"lang": "en:us", "value": "Use only methods (such as HTTPS with TLS verification) that enable the identity of the remote repository to be validated."}, "name": "CVE-2019-10150", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Out of support scope", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Out of support scope", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.7"}], "public_date": "2019-05-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-10150\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10150\nhttps://docs.openshift.com/container-platform/3.11/dev_guide/builds/build_inputs.html#source-secrets-ssh-key-authentication"], "statement": "OpenShift Container Platform allows for various types of \"source clone secrets\" to be defined in order to permit building from non-public git repositories. When using ssh key authentication, the server host key checking function is disabled.\nAn attacker with the ability to redirect the network traffic and perform a \"man in the middle\" attack will be able to redirect the build job to use arbitrary content of their choosing.\nNote that the same flaw (non-verification of remote server) is present when using HTTP, or when using HTTPS with TLS verification manually disabled.", "threat_severity": "Moderate"}