Описание
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
A Client Authentication Bypass was found in Erlang/OTP. This issue occurs in certain client-certification situations for SSL, TLS, and DTLS.
Отчет
Some releases of Red Hat OpenStack Platform ship an affected version of the Erlang libraries, however RHOSP is configured to use application-level shared secret authentication during TLS sessions. This makes it unlikely to be exploitable as none of the vulnerable codepaths are exposed and no client certificate is used for authentication. For this reason the impact to Red Hat OpenStack Platform has been downgraded to Moderate.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 13 (Queens) | erlang | Will not fix | ||
| Red Hat OpenStack Platform 16.1 | erlang | Will not fix | ||
| Red Hat OpenStack Platform 17.0 | erlang | Not affected | ||
| Red Hat OpenStack Platform 16.2 | erlang | Fixed | RHSA-2022:8857 | 07.12.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.4 Critical
CVSS3
Связанные уязвимости
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before ...
EPSS
9.4 Critical
CVSS3