Описание
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.
A vulnerability was found in OpenShift builds. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | atomic-openshift | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Not affected | ||
| Red Hat OpenShift Container Platform 3.9 | atomic-openshift | Not affected | ||
| Red Hat OpenShift Container Platform 4.1 | openshift4/ose-docker-builder | Fixed | RHSA-2019:4237 | 19.12.2019 |
| Red Hat OpenShift Container Platform 4.2 | openshift4/ose-docker-builder | Fixed | RHSA-2019:4101 | 11.12.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.7 Medium
CVSS3
Связанные уязвимости
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.
Уязвимость платформа приложений-контейнеров OpenShift, связанная с загрузкой кода без проверки его целостности, позволяющая нарушителю реализовать атаку типа «человек посередине»
EPSS
5.7 Medium
CVSS3