CVE-2023-5625

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:6128	Patch Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:0188
https://access.redhat.com/errata/RHSA-2024:0213
https://access.redhat.com/security/cve/CVE-2023-5625	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2244717	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::*

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 2 (hide)

cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*

History

16 Jan 2024, 21:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0188 - () https://access.redhat.com/errata/RHSA-2024:0213 -

09 Nov 2023, 17:34

Type	Values Removed	Values Added
CPE		cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::* cpe:2.3:a:redhat:openstack_platform:17.1:::::::*
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~(MISC) https://access.redhat.com/errata/RHSA-2023:6128 -~~	(MISC) https://access.redhat.com/errata/RHSA-2023:6128 - Patch, Vendor Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2244717 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2244717 - Issue Tracking, Vendor Advisory
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2023-5625 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2023-5625 - Vendor Advisory
First Time		Redhat openshift Container Platform For Linuxone Redhat openshift Container Platform Ibm Z Systems Redhat Redhat openshift Container Platform For Power Redhat enterprise Linux Redhat openshift Container Platform For Arm64 Redhat openstack Platform

01 Nov 2023, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-01 14:15

Updated : 2024-01-16 21:15

NVD link : CVE-2023-5625

Mitre link : CVE-2023-5625

CVE.ORG link : CVE-2023-5625

JSON object : View

Products Affected

redhat

openshift_container_platform_for_linuxone
openshift_container_platform_for_arm64
enterprise_linux
openshift_container_platform_ibm_z_systems
openshift_container_platform_for_power
openstack_platform

CWE

NVD-CWE-noinfo

7.5 /10