CVE-2023-3089

Advisory lineage Upstream: 0 Downstream: 6

Downstream

RHSA-2023:3910 RHSA-2023:3914 RHSA-2023:3924 RHSA-2023:4093 RHSA-2023:4471 RHSA-2023:5009

Modified

Published: 05 Jul 2023, 12:21

Last modified:24 Oct 2024, 19:13

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (nvd)

EPSS Score

0.07% LOW

0% probability +0.02%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

05 Jul 2023, 12:21

Published

Vulnerability first disclosed

24 Oct 2024, 19:13

Last Modified

Vulnerability information updated

Description

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

CVSS Metrics

v3.1•HIGH•Score: 7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.07%• Percentile: 22%

Techniques & Countermeasures

CWE-521•Weak Password Requirements
The product does not require that users should have strong passwords.
CWE-693•Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Affected Systems

redhat•openshift_container_platform
4.10
redhat•openshift_container_platform_for_arm64
4.10 | 4.11 | 4.12
redhat•openshift_container_platform_for_linuxone
4.10 | 4.11 | 4.12
redhat•openshift_container_platform_for_power
4.10 | 4.11 | 4.12
redhat•openshift_container_platform_ibm_z_systems
4.10 | 4.11 | 4.12