PT-2019-5507 · Red Hat · Openshift
Pedro Sampaio · Published 2019-09-23 · Updated 2023-02-12 · CVE-2019-14845
CVSS v3.1: 5.7 (Medium)
Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OpenShift builds, versions 4.1 up to 4.3. The affected code path is a build that extracts source from a container image (a BuildConfig whose spec.source.images lists an image from which files are copied into the build context); builds that do not use an image source do not exercise it.
Description: When a build extracts source from a container image, the image is pulled without verifying that the registry's TLS certificate matches the host being contacted, so TLS hostname verification is bypassed. The connection is therefore not bound to the intended registry: an attacker on the adjacent network (AV:A) who can interpose on it may present a certificate issued for a different name and serve a substituted image, injecting malicious content into the build's source tree and, through it, into the resulting build output. The vector reflects this: no privileges are required, user interaction is required (a build using the image source has to run), and the impact is to integrity only.
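To make the weakness concrete, the following is an added illustration of what "bypassing TLS hostname verification" means at the crypto/x509 level; it is not the OpenShift builder's code and does not reproduce its exact code path. Both checks below validate the certificate chain against a trust store; only the second also supplies the expected DNS name. The hostnames, the self-signed certificate and the helper names are assumptions constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSignedCert issues a self-signed CA certificate whose Subject Alternative
// Name covers only host. Constructed test material for this illustration; it is
// not a certificate from any real registry.
func selfSignedCert(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyChainOnly is the weak pattern behind a hostname-verification bypass:
// the chain is checked against the trust store, but no DNSName is supplied,
// so a certificate that is valid for ANY name is accepted for this connection.
func verifyChainOnly(cert *x509.Certificate, roots *x509.CertPool) error {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err
}

// verifyChainAndHost is the corrected pattern: DNSName binds the check to the
// registry host the client meant to reach, so a certificate for another name fails.
func verifyChainAndHost(cert *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// Outcome reports whether each check accepted the presented certificate.
type Outcome struct {
	ChainOnlyAccepts    bool
	ChainAndHostAccepts bool
}

// CheckRegistryCert presents a certificate issued for certHost to a client that
// expected wantHost. The trust store contains the issuing CA in both cases,
// which is the MITM situation that only hostname verification defends against.
func CheckRegistryCert(certHost, wantHost string) (Outcome, error) {
	cert, err := selfSignedCert(certHost)
	if err != nil {
		return Outcome{}, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	return Outcome{
		ChainOnlyAccepts:    verifyChainOnly(cert, roots) == nil,
		ChainAndHostAccepts: verifyChainAndHost(cert, roots, wantHost) == nil,
	}, nil
}

func main() {
	// An attacker-controlled certificate for mitm.example offered on a
	// connection the build intended for registry.example (hypothetical hosts).
	o, err := CheckRegistryCert("mitm.example", "registry.example")
	if err != nil {
		panic(err)
	}
	fmt.Printf("chain-only check accepts: %v\nchain+hostname check accepts: %v\n",
		o.ChainOnlyAccepts, o.ChainAndHostAccepts)
}
```

The point to take from the example is that a trusted chain alone is not a statement about who is on the other end of the connection; it only says some CA in the trust store issued a certificate for some name. Any client that pulls content over TLS must pass the intended host into verification (in Go, DNSName in VerifyOptions, or ServerName on the tls.Config with InsecureSkipVerify left false), otherwise a holder of any trusted certificate can interpose.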
Recommendations: For OpenShift versions 4.1 up to 4.3, until a fixed release is applied, do not rely on builds that extract source from a container image: remove the image source from affected BuildConfigs or disable those builds, and restrict who can create and run builds so that the exposed code path is not reachable by untrusted users. Audit existing BuildConfigs for image sources (spec.source.images) so that every build on the affected path is known before deciding what to disable.
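The audit step above can be scripted. The following is an added example, not Red Hat's or the OpenShift project's code, that reads a BuildConfigList in the JSON shape returned by `oc get buildconfigs --all-namespaces -o json` and reports every BuildConfig whose spec.source.images is non-empty, together with the image each one pulls from. The embedded sample list, its namespaces, names and image references are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// buildConfigList models only the fields of a BuildConfigList that this audit
// needs: item metadata and the spec.source.images entries with their "from"
// reference. Other fields in the real objects are ignored by encoding/json.
type buildConfigList struct {
	Items []struct {
		Metadata struct {
			Name      string `json:"name"`
			Namespace string `json:"namespace"`
		} `json:"metadata"`
		Spec struct {
			Source struct {
				Images []struct {
					From struct {
						Kind string `json:"kind"`
						Name string `json:"name"`
					} `json:"from"`
				} `json:"images"`
			} `json:"source"`
		} `json:"spec"`
	} `json:"items"`
}

// ImageSourceUse is one BuildConfig that extracts source from a container image.
type ImageSourceUse struct {
	Namespace, Name, FromKind, FromName string
}

// FindImageSourceBuilds returns every BuildConfig whose spec.source.images is
// non-empty, i.e. every build that exercises the affected code path. A
// BuildConfig with several image sources is reported once per image.
func FindImageSourceBuilds(raw []byte) ([]ImageSourceUse, error) {
	var list buildConfigList
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, err
	}
	var found []ImageSourceUse
	for _, bc := range list.Items {
		for _, img := range bc.Spec.Source.Images {
			found = append(found, ImageSourceUse{
				Namespace: bc.Metadata.Namespace,
				Name:      bc.Metadata.Name,
				FromKind:  img.From.Kind,
				FromName:  img.From.Name,
			})
		}
	}
	return found, nil
}

// sampleBuildConfigs is constructed input standing in for real cluster output:
// one Git-only build, one Git build that also copies files from an external
// image, and one build whose only source is an image stream tag.
const sampleBuildConfigs = `{
  "kind": "List",
  "apiVersion": "v1",
  "items": [
    {"kind": "BuildConfig", "apiVersion": "build.openshift.io/v1",
     "metadata": {"name": "frontend", "namespace": "web"},
     "spec": {"source": {"type": "Git",
       "git": {"uri": "https://git.example/frontend.git"}}}},
    {"kind": "BuildConfig", "apiVersion": "build.openshift.io/v1",
     "metadata": {"name": "api", "namespace": "web"},
     "spec": {"source": {"type": "Git",
       "git": {"uri": "https://git.example/api.git"},
       "images": [{"from": {"kind": "DockerImage", "name": "registry.example/vendor/sdk:1.2"},
                   "paths": [{"sourcePath": "/opt/sdk/.", "destinationDir": "vendor/sdk"}]}]}}},
    {"kind": "BuildConfig", "apiVersion": "build.openshift.io/v1",
     "metadata": {"name": "toolchain", "namespace": "ci"},
     "spec": {"source": {"type": "Image",
       "images": [{"from": {"kind": "ImageStreamTag", "name": "toolchain:latest"},
                   "paths": [{"sourcePath": "/usr/local/bin/.", "destinationDir": "bin"}]}]}}}
  ]
}`

func main() {
	uses, err := FindImageSourceBuilds([]byte(sampleBuildConfigs))
	if err != nil {
		panic(err)
	}
	for _, u := range uses {
		fmt.Printf("%s/%s extracts source from %s %s\n", u.Namespace, u.Name, u.FromKind, u.FromName)
	}
}
```

In practice the JSON would be piped in from `oc` by a cluster-admin account, since BuildConfigs in every namespace must be covered; the Git-only build in the sample is correctly left out of the report, and the two image-source builds are the ones to disable or restrict while the cluster is on an affected version.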

Fix

Weakness Enumeration

Related Identifiers

BDU:2020-03325
CVE-2019-14845

Affected Products

Openshift