What is CVE-2023-3089?

CVE-2023-3089 is a high-severity vulnerability in Red Hat Openshift Serverless, classified under Protection Mechanism Failure. CVSS score: 7.0/10. Published 2023-07-05.

How severe is CVE-2023-3089?

High severity. CVSS v3 base score is 7.0 out of 10.

Vulnerability in Red Hat Openshift Serverless

CVE-2023-3089

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

EPSS: 0.004 (35.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L.

Affected products

Red Hat Openshift Serverless
Red Hat Openshift Service Mesh 2.2.x
Red Hat Openshift Service Mesh 2.3.x
Red Hat Openshift Service Mesh 2.4
Red Hat Advanced Cluster Management For Kubernetes 2
Red Hat Jboss A-mq Streams
Red Hat Openshift Container Platform 3.11
Red Hat Openshift Container Platform 4
Red Hat Openshift Data Foundation 4
Red Hat Openshift Sandboxed Containers

Weakness classification (CWE)

CWE-693 — Protection Mechanism Failure
CWE-521 — Weak Password Requirements

References

secalert@redhat.com (x_refsource_REDHAT, vdb-entry, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2023-3089?: CVE-2023-3089 is a high-severity vulnerability in Red Hat Openshift Serverless, classified under Protection Mechanism Failure. CVSS score: 7.0/10. Published 2023-07-05.
How severe is CVE-2023-3089?: High severity. CVSS v3 base score is 7.0 out of 10.