Redhat Atomic-Openshift vulnerabilities
2 known vulnerabilities affecting redhat/atomic-openshift.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
MEDIUM: 2
Vulnerabilities
CVE-2019-10176 | MEDIUM | CVSS 5.4 | all versions fixed | 2019-08-02
CVE-2019-10176 [MEDIUM] CWE-352
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack.
Sources: cvelistv5, nvd
CVE-2019-10150 | MEDIUM | CVSS 5.9 | v3.6.x - 4.0.0 | 2019-06-12
CVE-2019-10150 [MEDIUM] CWE-287
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 do not perform SSH host key checking when using SSH key authentication during builds. An attacker with the ability to redirect network traffic could use this to alter the resulting build output.
Sources: cvelistv5, nvd