History: Feb 05, 2024 - 9:15 p.m.

CVE-2023-50782

2024-02-05 21:15:11
CWE-203, CWE-208
redhat
web.nvd.nist.gov
python-cryptography, flaw, remote attack, decryption, tls server, rsa key exchanges, exposure, confidential data, sensitive data

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.2
Confidence: High

EPSS: 0.001
Percentile: 45.0%

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Affected configurations

Nvd

Node
  redhat ansible_automation_platform Match 2.0
Node
  redhat enterprise_linux Match 8.0
  OR
  redhat enterprise_linux Match 9.0
Node
  redhat update_infrastructure Match 4
Node
  cryptography.io cryptography Range <42.0.0 python
Node
  couchbase couchbase_server Match 7.6.0
  OR
  couchbase couchbase_server Match 7.6.1

| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | ansible_automation_platform | 2.0 | cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| redhat | update_infrastructure | 4 | cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:* |
| cryptography.io | cryptography | * | cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:* |
| couchbase | couchbase_server | 7.6.0 | cpe:2.3:a:couchbase:couchbase_server:7.6.0:*:*:*:*:*:*:* |
| couchbase | couchbase_server | 7.6.1 | cpe:2.3:a:couchbase:couchbase_server:7.6.1:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Ansible Automation Platform 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-cryptography",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:ansible_automation_platform:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-cryptography",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python39:3.9/python-cryptography",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-cryptography",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-cryptography",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-cryptography",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-cryptography",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:rhui:4::el8"
    ]
  }
]
