7 matches found
RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3143)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3143 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 Note that Nessus has not tested for thi...
CVE-2019-10150
It was found that OpenShift Container Platform does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output. Mitigation Use only methods such as HTTPS with TLS...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11 atomic-openshift security update
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3143)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3143 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.1.20 openshift-enterprise-builder-container security update
An update for openshift-enterprise-builder-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.10 atomic-openshift kube-apiserver security update
An update for atomic-openshift kube-apiserver is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2019-10150
OpenShift Container Platform versions 3.6.x–4.6.0 fail to verify SSH host keys when using SSH key authentication during builds, allowing a network-adversary who can redirect traffic to alter build outputs (CVE-2019-10150). Affected product: OpenShift Container Platform. Root cause: builds do not ...