CVE-2023-0296 — MEDIUM (5.3)

Vulnerability Description

The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Openshift	4.11

Related Weaknesses (CWE)

CWE-327

References

https://bugzilla.redhat.com/show_bug.cgi?id=2161287Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2161287Issue Tracking

FAQ

What is CVE-2023-0296?

CVE-2023-0296 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the e...

How severe is CVE-2023-0296?

CVE-2023-0296 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-0296?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift.