admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-0296.md
marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00

18 lines
1.1 KiB
Markdown
Raw Permalink Blame History

### [CVE-2023-0296](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0296)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20OpenShift%204.11%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-327&color=brighgreen)
### Description
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
Reference in New Issue View Git Blame Copy Permalink