Ocp & fips mode
CVE-2023-3089
7HIGH
Summary
A compliance issue has been identified in the Red Hat OpenShift Container Platform when operated in FIPS mode, where not all utilized cryptographic modules were validated against FIPS standards. This could potentially impact the security posture within environments that require FIPS-compliant cryptographic solutions, urging users to review their configurations and understand the implications on their compliance requirements.
Affected Version(s)
openshift 4.12.0
References
CVSS V3.1
Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
This issue was discovered by David Benoit (Red Hat).