CVE-2023-3089

CWE-693 CWE-521 CWE-327 — Broken Cryptographic Algorithm4 documents4 sources

Severity

7.5HIGH

EPSS

0.1%

top 79.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift Container Platform Redhat Openshift Container Platform FOR Arm64 Redhat Openshift Container Platform FOR Linuxone +2 more

Timeline

PublishedJul 5

Description

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:LExploitability: 2.2 | Impact: 4.7

Affected Packages1 packages

▶NVDredhat/openshift_container_platform_ibm_z_systems4.10, 4.11, 4.12+2

Also affects: Openshift Container Platform 4.10, 4.11, 4.12

🔴Vulnerability Details

CVEList

Ocp & fips mode↗2023-07-05

▶

GHSA

GHSA-wj5p-x3cr-46w8: A compliance problem was found in the Red Hat OpenShift Container Platform↗2023-07-05

▶

📋Vendor Advisories

Red Hat

openshift: OCP & FIPS mode↗2023-07-05

▶