Описание
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.
Ссылки
- Issue TrackingVendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
5.9 Medium
CVSS3
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.
Уязвимость корпоративной платформы Red Hat OpenShift Container Platform, позволяющая нарушителю перенаправить сетевой трафик
EPSS
5.9 Medium
CVSS3
5.9 Medium
CVSS3
4.3 Medium
CVSS2