The Python cryptography package, which provides both high-level recipes and low-level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions, is used by the IBM Cinder plug-in. The cryptography-40.0.0 package could provide weaker than expected security, caused by an encoding mismatch regarding critical options with OpenSSH (vulnerability CVE-2023-38325).
**CVEID:** CVE-2023-38325
**DESCRIPTION:** Python Cryptographic Authority cryptography could provide weaker than expected security, caused by an encoding mismatch regarding critical options with OpenSSH. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260859 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
Cinder Plug-in | All |
Update Python to version >= 3.9
Update cryptography library to version >= 41.0.3
Please note:
None
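A host-side check for the two remediation lines above, written as an added example (it is not IBM's or the cryptography project's code). The function names are hypothetical; the thresholds are the ones this bulletin states.

```python
import platform
import re
import sys
from importlib import metadata

# Minimum versions, taken from the bulletin's remediation lines.
MIN_PYTHON = (3, 9)
MIN_CRYPTOGRAPHY = (41, 0, 3)


def meets_minimum(version, minimum):
    """True if `version` is a final release at or above `minimum`."""
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)(.*)", version)
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(part) for part in match.group(1).split("."))
    # 41.0.3rc1 or 41.0.3.dev1 sort before 41.0.3, so they do not satisfy it.
    prerelease = re.match(r"(?i)[._-]?(a|b|rc|dev)\d*", match.group(2)) is not None
    width = max(len(release), len(minimum))
    release += (0,) * (width - len(release))
    minimum = tuple(minimum) + (0,) * (width - len(minimum))
    return release > minimum or (release == minimum and not prerelease)


def audit(python_version, cryptography_version):
    """Return findings for one host; an empty list means it meets the bulletin."""
    findings = []
    if not meets_minimum(python_version, MIN_PYTHON):
        findings.append(f"Python {python_version} is below 3.9")
    # None means cryptography is not installed, so there is nothing to flag.
    if cryptography_version is not None and not meets_minimum(cryptography_version, MIN_CRYPTOGRAPHY):
        findings.append(f"cryptography {cryptography_version} is below 41.0.3")
    return findings


def audit_current_environment():
    """Audit the interpreter running this script and its installed cryptography."""
    try:
        installed = metadata.version("cryptography")
    except metadata.PackageNotFoundError:
        installed = None
    return audit(platform.python_version(), installed)


if __name__ == "__main__":
    problems = audit_current_environment()
    for problem in problems:
        print("FAIL:", problem)
    sys.exit(1 if problems else 0)
```

Run it with the same interpreter and virtual environment that the Cinder plug-in uses, since a system-wide Python can report a different cryptography version.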
| CPE | Name | Operator | Version |
|---|---|---|---|
| | cinder plug-in | eq | any |