Lucene search
+L

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/04 9:24 p.m.17 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to an Observable Timing Discrepancy in Vault (CVE-2023-25000)

Summary Vault is used by IBM Storage Fusion Data Foundation in mcg, ocs, odr, cephcsi, and odr operators as part of credential management. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-25000. Vulnerability Details...

5CVSS5.9AI score0.0021EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/17 10:30 p.m.52 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

9.1CVSS7AI score0.05994EPSS
Exploits9References909
RedhatCVE
RedhatCVE
added 2023/03/30 10:14 a.m.35 views

CVE-2023-25000

A flaw was found in the Hashicorp vault. This flaw allows an attacker with access to and the ability to observe a large number of unseal operations on the host through a side channel to reduce the search space of a brute-force effort to recover the Shamir shares...

5CVSS5AI score0.0021EPSS
Exploits0References4
NVD
NVD
added 2023/03/30 1:15 a.m.51 views

CVE-2023-25000

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a...

5CVSS5.3AI score0.0021EPSS
Exploits0References2
Wolfi
Wolfi
added 2023/03/30 1:15 a.m.27 views

CVE-2023-25000 vulnerabilities

Vulnerabilities for packages: k3d...

5CVSS7.5AI score0.0021EPSS
Exploits0
Chainguard
Chainguard
added 2023/03/30 1:15 a.m.35 views

CVE-2023-25000 vulnerabilities

Vulnerabilities for packages: k3d...

5CVSS7.3AI score0.0021EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/03/30 12:17 a.m.6 views

CVE-2023-25000 Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a...

5CVSS4.9AI score0.0021EPSS
Exploits0References2
OSV
OSV
added 2023/03/30 12:17 a.m.23 views

CVE-2023-25000 Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a...

5CVSS6.4AI score0.0021EPSS
Exploits0References5
CVE
CVE
added 2023/03/30 12:17 a.m.804 views

CVE-2023-25000

CVE-2023-25000 : HashiCorp Vault’s Shamir secret sharing uses precomputed table lookups and is vulnerable to cache-timing attacks during seal/unseal. An attacker observing many unseal operations locally could reduce the search space for recovering Shamir shares. Affected: Vault’s Shamir implement...

5CVSS4.9AI score0.0021EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder