Vulnerability Description
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with `quarkus.http.ssl.protocols` is not enforced, and the client can force the selection of a weaker supported TLS protocol.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Build Of Quarkus | < 2.13.8 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:3809 (Release Notes)
- https://access.redhat.com/security/cve/CVE-2023-2974 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2211026 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2023-2974?
CVE-2023-2974 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the ...
How severe is CVE-2023-2974?
CVE-2023-2974 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-2974?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Build Of Quarkus.