Vulnerabilities > CVE-2023-50782 - Information Exposure Through Discrepancy vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

python-cryptography-project

CWE-203

NVD

Published: 2024-02-05

Updated: 2024-02-26

Summary

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Ansible Automation Platform 2.0 Redhat Update Infrastructure 4	2
Application	Python-Cryptography_Project Python Cryptography Project Python Cryptography 3.2	1
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	2

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://access.redhat.com/security/cve/CVE-2023-50782
https://bugzilla.redhat.com/show_bug.cgi?id=2254432