{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82504?format=json","vulnerability_id":"VCID-ef8a-kvf7-5kbm","summary":"atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository","aliases":[{"alias":"CVE-2019-10150"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105183?format=json","purl":"pkg:rpm/redhat/atomic-openshift@3.9.102-1.git.0.6411f52?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ej9-nn86-7bet"},{"vulnerability":"VCID-9s34-1nd8-f7ee"},{"vulnerability":"VCID-ef8a-kvf7-5kbm"},{"vulnerability":"VCID-xcss-tfeh-w7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.9.102-1.git.0.6411f52%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105456?format=json","purl":"pkg:rpm/redhat/atomic-openshift@3.10.175-1.git.0.f9f0e81?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-at1e-t3kt-17bg"},{"vulnerability":"VCID-ef8a-kvf7-5kbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.10.175-1.git.0.f9f0e81%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105573?format=json","purl":"pkg:rpm/redhat/atomic-openshift@3.11.153-1.git.0.aaf3f71?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ef8a-kvf7-5kbm"},{"vulnerability":"VCID-hbte-dsw2-y7ad"},{"vulnerability":"VCID-n66u-b73u-zucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.11.153-1.git.0.aaf3f71%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105457?format=json","purl":"pkg:rpm/redhat/cri-o@1.10.6-2.rhaos3.10.git56d7d9a?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-at1e-t3kt-17bg"},{"vulnerability":"VCID-ef8a-kvf7-5kbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.10.6-2.rhaos3.10.git56d7d9a%3Farch=el7"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10150.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10150","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52168","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.5216","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53129","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53098","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53149","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53142","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53177","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53161","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.532","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53208","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.5319","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53164","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53175","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53137","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53091","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53185","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.5315","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53176","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53086","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53105","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10150"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1713433","reference_id":"1713433","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1713433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2989","reference_id":"RHSA-2019:2989","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2989"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3007","reference_id":"RHSA-2019:3007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3143","reference_id":"RHSA-2019:3143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3143"}],"weaknesses":[{"cwe_id":287,"name":"Improper Authentication","description":"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct."}],"exploits":[],"severity_range_score":"5.9 - 5.9","exploitability":"0.5","weighted_severity":"5.3","risk_score":2.6,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ef8a-kvf7-5kbm"}