CVE-2023-3089 — HIGH (7.0) — White Hats Nepal

Vulnerability Description

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Redhat	Openshift Container Platform	4.10
Redhat	Enterprise Linux	7.0
Redhat	Openshift Container Platform For Linuxone	4.10
Redhat	Openshift Container Platform For Power	4.10
Redhat	Openshift Container Platform Ibm Z Systems	4.10
Redhat	Openshift Container Platform For Arm64	4.10

Related Weaknesses (CWE)

CWE-521 CWE-693

References

https://access.redhat.com/security/cve/CVE-2023-3089Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2212085Issue TrackingVendor Advisory
https://access.redhat.com/security/cve/CVE-2023-3089Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2212085Issue TrackingVendor Advisory

FAQ

What is CVE-2023-3089?

CVE-2023-3089 is a vulnerability with a CVSS score of 7.0 (HIGH). A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

How severe is CVE-2023-3089?

CVE-2023-3089 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-3089?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Container Platform, Redhat Enterprise Linux, Redhat Openshift Container Platform For Linuxone, Redhat Openshift Container Platform For Power, Redhat Openshift Container Platform Ibm Z Systems.