Download of Code Without Integrity Check

CVE-2019-14845

Medium

5.3/10

Summary

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.

Attack Complexity: HIGH
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-494 - Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References

Advisory Timeline

Published Oct 08, 2019

Download of Code Without Integrity Check

CVE-2019-14845

Summary

CWE-494 - Download of Code Without Integrity Check

References

Advisory Timeline

ChainJacking

JetBrains IDE

ChainAlert