What is the vulnerability ID for this quarkus-core vulnerability?

The vulnerability ID for this quarkus-core vulnerability is CVE-2023-2974.

What is the severity of CVE-2023-2974?

The severity of CVE-2023-2974 is high with a CVSS score of 8.1.

Which software is affected by CVE-2023-2974?

The affected software includes quarkus-core versions up to, but not including, version 2.13.8 and Redhat Build Of Quarkus up to, but not including, version 2.13.8.

Where can I find more information about CVE-2023-2974?

You can find more information about CVE-2023-2974 on the Red Hat Security Advisory RHSA-2023:3809, the Red Hat CVE page for CVE-2023-2974, and the Red Hat Bugzilla page for bug ID 2211026.

Vulnerability/
CVE-2023-2974

high

8.1

CWE

757

30/5/2023

4/7/2023

3/5/2024

CVE-2023-2974: Quarkus-core: tls protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported tls protocol

First published: Tue May 30 2023(Updated: )

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Redhat Build Of Quarkus	<2.13.8
maven/io.quarkus:quarkus-core	<2.16.8.Final	2.16.8.Final
redhat/quarkus	<2.13.8	2.13.8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this quarkus-core vulnerability?
The vulnerability ID for this quarkus-core vulnerability is CVE-2023-2974.
What is the severity of CVE-2023-2974?
The severity of CVE-2023-2974 is high with a CVSS score of 8.1.
How does this vulnerability occur?
This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.
Which software is affected by CVE-2023-2974?
The affected software includes quarkus-core versions up to, but not including, version 2.13.8 and Redhat Build Of Quarkus up to, but not including, version 2.13.8.
Where can I find more information about CVE-2023-2974?
You can find more information about CVE-2023-2974 on the Red Hat Security Advisory RHSA-2023:3809, the Red Hat CVE page for CVE-2023-2974, and the Red Hat Bugzilla page for bug ID 2211026.

collector/nvd-index
collector/github-advisory-latest
alias/GHSA-3fhx-3vvg-2j84
alias/CVE-2023-2974
collector/nvd-cve
collector/github-advisory
agent/type
agent/author
agent/softwarecombine
agent/first-publish-date
agent/references
agent/weakness
agent/severity
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/tags
agent/description
agent/event
vendor/redhat
canonical/redhat build of quarkus
package-manager/maven
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.