A vulnerability was found in OpenShift builds. Builds which extract source from a container image bypass TLS hostname verification. An attacker can take advantage of this by launching a man-in-the-middle attack and injecting malicious content.
Name: Miloslav Trmač (Red Hat)
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.2
Via RHSA-2019:4101 https://access.redhat.com/errata/RHSA-2019:4101
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):