Vulnerabilities > CVE-2023-2974 - Unspecified vulnerability in Redhat Build of Quarkus

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

redhat

NVD

Published: 2023-07-04

Updated: 2023-11-07

Summary

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Build OF Quarkus - Redhat Build OF Quarkus 1.0 Redhat Build OF Quarkus 2.0 Redhat Build OF Quarkus 2.2.5 Redhat Build OF Quarkus 2.7 Redhat Build OF Quarkus 2.13.0	7

References

https://access.redhat.com/errata/RHSA-2023:3809
https://bugzilla.redhat.com/show_bug.cgi?id=2211026
https://access.redhat.com/security/cve/CVE-2023-2974