Description
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
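The check below is an added example, not code from Red Hat or the Open vSwitch project: a monitoring-side validation of the target address field in captured ICMPv6 Neighbor Advertisement bodies against the addresses expected on each VM port. The port name `vnet0`, the binding table, and the sample messages are constructed assumptions.

```python
import ipaddress
import struct

ND_NEIGHBOR_ADVERT = 136  # ICMPv6 type, RFC 4861 section 4.4
OPT_TARGET_LLADDR = 2     # Target Link-Layer Address option


def parse_na(icmp6: bytes):
    """Return (target IPv6Address, target link-layer address or None)."""
    if len(icmp6) < 24:
        raise ValueError("truncated Neighbor Advertisement")
    msg_type, code, _cksum, _flags = struct.unpack("!BBHI", icmp6[:8])
    if msg_type != ND_NEIGHBOR_ADVERT or code != 0:
        raise ValueError("not a Neighbor Advertisement")
    target = ipaddress.IPv6Address(icmp6[8:24])
    lladdr, off = None, 24
    while off < len(icmp6):
        # Option length is counted in units of 8 octets; zero is invalid.
        if off + 2 > len(icmp6) or icmp6[off + 1] == 0:
            raise ValueError("malformed ND option")
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8
        if off + opt_len > len(icmp6):
            raise ValueError("ND option overruns message")
        if opt_type == OPT_TARGET_LLADDR and opt_len == 8:
            lladdr = ":".join(f"{b:02x}" for b in icmp6[off + 2:off + 8])
        off += opt_len
    return target, lladdr


def check_na(port, icmp6, bindings):
    """Compare an NA seen on `port` with that port's expected binding."""
    allowed_ips, allowed_mac = bindings[port]
    target, lladdr = parse_na(icmp6)
    findings = []
    if target not in allowed_ips:
        findings.append(f"{port}: NA target {target} is not bound to this port")
    if lladdr is not None and lladdr != allowed_mac:
        findings.append(f"{port}: NA link-layer address {lladdr} is not bound to this port")
    return findings


def build_na(target, mac):
    """Build a constructed NA body for the samples below (checksum left zero)."""
    header = struct.pack("!BBHI", ND_NEIGHBOR_ADVERT, 0, 0, 0x60000000)  # S and O flags
    option = bytes([OPT_TARGET_LLADDR, 1]) + bytes.fromhex(mac.replace(":", ""))
    return header + ipaddress.IPv6Address(target).packed + option


# Constructed binding table and samples (documentation prefix 2001:db8::/32).
BINDINGS = {"vnet0": ({ipaddress.IPv6Address("2001:db8::10")}, "52:54:00:00:00:10")}
EXPECTED_NA = build_na("2001:db8::10", "52:54:00:00:00:10")
MISMATCHED_NA = build_na("2001:db8::1", "52:54:00:00:00:10")
```

Run `check_na` over NA bodies captured per port; an empty list means the advertisement matches the binding, and any finding is worth correlating with the OpenFlow rules expected to cover that port.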
Report
Red Hat Enterprise Linux 7 provides the openvswitch package only through the unsupported Optional repository. Customers are advised to install Open vSwitch (OVS) from RHEL Fast Datapath instead.
Red Hat OpenStack Platform 13/16 deployments are not affected because they use openvswitch directly from the Fast Datapath channel. A rhosp-openvswitch update will therefore not be provided at this time. Any updates will be distributed through that channel.
Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-345: Insufficient Verification of Data Authenticity vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.
Red Hat restricts access to all information contained within the platform by default. Access to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with least privilege principles to ensure that only authorized roles and users can execute or manipulate code. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, ensuring that mechanisms such as digital signatures or certificates verify the authenticity and origin of data. External infrastructure and internal cluster certificates are established and maintained within the secure environment. The platform enforces validated cryptographic modules across all compute resources, helping prevent unauthorized actors from accessing or interpreting exposed information, even if it is intercepted.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Fast Datapath for RHEL 7 | openvswitch | Affected | ||
Fast Datapath for RHEL 7 | openvswitch2.10 | Out of support scope | ||
Fast Datapath for RHEL 7 | openvswitch2.11 | Out of support scope | ||
Fast Datapath for RHEL 7 | openvswitch2.12 | Out of support scope | ||
Fast Datapath for RHEL 7 | openvswitch2.13 | Out of support scope | ||
Fast Datapath for RHEL 7 | openvswitch2.15 | Out of support scope | ||
Fast Datapath for RHEL 8 | openvswitch2.11 | Out of support scope | ||
Fast Datapath for RHEL 8 | openvswitch2.12 | Out of support scope | ||
Fast Datapath for RHEL 8 | openvswitch2.13 | Affected | ||
Fast Datapath for RHEL 8 | openvswitch2.15 | Affected | ||
Additional information
Status:
EPSS
5.5 Medium
CVSS3