Openshift: incomplete fix for rapid reset (cve-2023-44487/cve-2023-39325)
CVE-2023-6596

7.5HIGH

Key Information:

Vendor
Red Hat
Status
Red Hat Openshift Container Platform 4.11
Red Hat Openshift Container Platform 4.12
Red Hat Openshift Container Platform 4
Vendor
CVE Published:
25 April 2024

Summary

An incomplete fix was implemented for the previously identified vulnerabilities related to Rapid Reset in OpenShift Containers. This ongoing problem stems from prior issues associated with CVE-2023-44487 and CVE-2023-39325, highlighting a critical need for users to be aware of the potential security risks. Administrators should closely monitor updates and advisories from Red Hat to mitigate any threats associated with this vulnerability. Please refer to the vendor’s official advisories for further details.

Affected Version(s)

Red Hat OpenShift Container Platform 4.11 v4.11.0-202401301508.p0.g5ea0428.assembly.stream

Red Hat OpenShift Container Platform 4.12 v4.12.0-202401190520.p0.g4b287bd.assembly.stream

References

https://access.redhat.com/errata/RHSA-2024:0485
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0682
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6596
vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database
.