cve/2023/CVE-2023-0296.md

### [CVE-2023-0296](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0296)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20OpenShift%204.11%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-327&color=brighgreen)

### Description

The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-0296](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0296)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%20OpenShift%204.11%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-327&color=brighgreen)`

			`### Description`

			The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`