Ocp & fips mode
CVE-2023-3089

7HIGH

Key Information:

Vendor: Red Hat
Status: Openshift; Openshift Serverless; Openshift Service Mesh 2.2.x; Openshift Service Mesh 2.3.x
Vendor: CVE Published:; 5 July 2023

What is CVE-2023-3089?

A compliance issue has been identified in the Red Hat OpenShift Container Platform when operated in FIPS mode, where not all utilized cryptographic modules were validated against FIPS standards. This could potentially impact the security posture within environments that require FIPS-compliant cryptographic solutions, urging users to review their configurations and understand the implications on their compliance requirements.

Affected Version(s)

openshift 4.12.0

References

https://access.redhat.com/security/cve/CVE-2023-3089

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2212085

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 5, 2023
Vulnerability Reserved
Jun 3, 2023

Credit

This issue was discovered by David Benoit (Red Hat).