CVE-2023-6725 — Vulnetix

CVE-2023-6725 PUBLISHED CVSS 8.699999809265137 HIGH

Es besteht eine Schwachstelle in Red Hat OpenStack. Dieser Fehler besteht in der tripleo-ansible und in den designate-Komponenten aufgrund eines Zugriffskontrollproblems, das die RNDC-Schlüssel für jeden zugänglich macht, der Zugriff auf den Container hat. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.

EPSS 0.07% · 22.1th percentile

Risk Scores

CVSS 4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.07%

22.1th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux
Red Hat	Red Hat OpenStack tripleo-ansible
Red Hat	Red Hat OpenShift Container Platform <4.15.39
Red Hat	Red Hat OpenStack designate
Red Hat	Red Hat OpenStack 16.2
Red Hat	Red Hat OpenStack <17.1
IBM	IBM MQ Operator
Red Hat	Red Hat OpenShift Container Platform <4.12.72
Red Hat	Red Hat OpenStack 17.1

Exploit Intelligence

CIRCL seen: CVE-2023-6725 (circl-sighting)
CIRCL seen: CVE-2023-6725 (circl-sighting)
CIRCL seen: CVE-2023-6725 (circl-sighting)
RHSA-2024:2736 (circl)
RHSA-2024:2770 (circl)
https://access.redhat.com/security/cve/CVE-2023-6725 (circl)
RHBZ#2249273 (circl)

Timeline

Mar 15, 2024 CVE Published
Mar 15, 2024 PoC Published
Mar 15, 2024 PoC Published
Mar 15, 2024 PoC Published
Mar 16, 2024 EPSS Score
Apr 11, 2024 EPSS Score
May 7, 2024 EPSS Score
Jun 2, 2024 EPSS Score
Jun 28, 2024 EPSS Score
Jul 24, 2024 EPSS Score
Aug 19, 2024 EPSS Score
Sep 14, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0653.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0653 advisory
https://github.com/advisories/GHSA-pv5w-g537-v27f advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2249273 advisory
https://access.redhat.com/security/cve/CVE-2023-6725 advisory
https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1228.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1228 advisory
https://access.redhat.com/errata/RHSA-2024:2727 advisory
https://access.redhat.com/errata/RHSA-2024:2729 advisory
https://access.redhat.com/errata/RHSA-2024:2730 advisory
https://access.redhat.com/errata/RHSA-2024:2767 advisory
https://access.redhat.com/errata/RHSA-2024:2731 advisory
https://access.redhat.com/errata/RHSA-2024:2732 advisory
https://access.redhat.com/errata/RHSA-2024:2733 advisory
https://access.redhat.com/errata/RHSA-2024:2734 advisory
https://access.redhat.com/errata/RHSA-2024:2735 advisory
https://access.redhat.com/errata/RHSA-2024:2768 advisory
https://access.redhat.com/errata/RHSA-2024:2736 advisory
https://access.redhat.com/errata/RHSA-2024:2770 advisory
https://access.redhat.com/errata/RHSA-2024:2737 advisory

…and 14 more

Open in Interactive Console →