CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 6.6 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 29.9%)
The Python certifi package, which is a collection of root certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts, is used by the IBM Cinder plug-in. The certifi package is affected by vulnerability CVE-2023-37920.
CVEID: CVE-2023-37920
**DESCRIPTION:** An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261639 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
Cinder Plug-in | All |
Update Python to version >= 3.6
Update certifi library to version >= 2023.7.22
Please note:
The plugin will still work on Python < 3.6, but it is necessary to update to fix this vulnerability, as the fixed version of the certifi library is not supported on Python < 3.6.
The IBM Cinder SVf driver has been tested using a non-vulnerable version of the certifi library.
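One way to confirm the remediation on a host that runs the plug-in, as an added example (not IBM's or certifi's own code): it checks the interpreter and certifi versions against the minimums above and looks for e-Tugra entries in the bundle's `# Label:` comments. The function names and the sample bundle text are constructed for illustration.

```python
import re
import sys

FIXED_CERTIFI = (2023, 7, 22)  # advisory: certifi >= 2023.7.22
MIN_PYTHON = (3, 6)            # advisory: Python >= 3.6

# Constructed sample of the "# Label:" comments found in a cacert.pem bundle.
SAMPLE_BUNDLE = '# Label: "E-Tugra Certification Authority"\n# Label: "GlobalSign Root CA"\n'


def parse_calver(version):
    """Turn '2023.07.22' or '2023.7.22' into (2023, 7, 22)."""
    parts = re.findall(r"\d+", version)[:3]
    if len(parts) < 3:
        raise ValueError("unexpected certifi version: %r" % version)
    return tuple(int(p) for p in parts)


def etugra_labels(bundle_text):
    """Return the labels of bundle entries that name e-Tugra."""
    return [
        line.split(":", 1)[1].strip().strip('"')
        for line in bundle_text.splitlines()
        if line.startswith("# Label:") and "e-tugra" in line.lower()
    ]


def assess(py_version, certifi_version, bundle_text):
    """Return a list of findings; an empty list means the fix is in place."""
    findings = []
    # %-formatting keeps the script runnable on interpreters older than 3.6.
    if tuple(py_version[:2]) < MIN_PYTHON:
        findings.append("Python %d.%d is older than 3.6" % tuple(py_version[:2]))
    if parse_calver(certifi_version) < FIXED_CERTIFI:
        findings.append("certifi %s is older than 2023.7.22" % certifi_version)
    findings += ["bundle still trusts: " + l for l in etugra_labels(bundle_text)]
    return findings


if __name__ == "__main__":
    print("constructed sample:", assess((3, 5), "2022.12.7", SAMPLE_BUNDLE))
    try:
        import certifi
    except ImportError:
        sys.exit("certifi is not installed in this interpreter")
    with open(certifi.where(), encoding="utf-8") as fh:
        live = assess(sys.version_info, certifi.__version__, fh.read())
    print("this environment:", live or "no findings")
    sys.exit(1 if live else 0)
```

Run it with the same interpreter and virtual environment the Cinder service uses, since each environment carries its own certifi copy.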
None
CPE | Name | Operator | Version |
---|---|---|---|
 | cinder plug-in | eq | any |