Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-3089

Опубликовано: 05 июл. 2023
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

Отчет

https://access.redhat.com/security/vulnerabilities/RHSB-2023-001 The static scanning tool (to verify your system is once again compliant with FIPS) is available here https://github.com/openshift/check-payload

Меры по смягчению последствий

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected packages as soon as possible.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11openshiftNot affected
DEVWORKSPACE-1.0-RHEL-8devworkspace/devworkspace-operator-bundleFixedRHSA-2023:427625.07.2023
DEVWORKSPACE-1.0-RHEL-8devworkspace/devworkspace-project-clone-rhel8FixedRHSA-2023:427625.07.2023
DEVWORKSPACE-1.0-RHEL-8devworkspace/devworkspace-rhel8-operatorFixedRHSA-2023:427625.07.2023
Multicluster Engine for Kubernetesmulticluster-engine-agent-service-containerFixedRHSA-2023:497205.09.2023
Multicluster Engine for Kubernetesmulticluster-engine-apiserver-network-proxy-containerFixedRHSA-2023:497205.09.2023
Multicluster Engine for Kubernetesmulticluster-engine-assisted-image-service-containerFixedRHSA-2023:497205.09.2023
Multicluster Engine for Kubernetesmulticluster-engine-assisted-installer-agent-containerFixedRHSA-2023:497205.09.2023
Multicluster Engine for Kubernetesmulticluster-engine-assisted-installer-containerFixedRHSA-2023:497205.09.2023
Multicluster Engine for Kubernetesmulticluster-engine-assisted-installer-reporter-containerFixedRHSA-2023:497205.09.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-327
https://bugzilla.redhat.com/show_bug.cgi?id=2212085openshift: OCP & FIPS mode

EPSS

Процентиль: 16%
0.00053
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-3089

CVSS3: 7
nvd
больше 2 лет назад

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

github логотип

GHSA-wj5p-x3cr-46w8

CVSS3: 7
github
больше 2 лет назад

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

EPSS

Процентиль: 16%
0.00053
Низкий

6.5 Medium

CVSS3

Уязвимость CVE-2023-3089