VYPR
Moderate severityNVD Advisory· Published Jul 4, 2023· Updated Aug 2, 2024

Quarkus-core: tls protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported tls protocol

CVE-2023-2974

Description

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.quarkus:quarkus-coreMaven
< 2.16.8.Final2.16.8.Final

Affected products

2
  • Red Hat/Red Hat build of Quarkus 2.13.8.Finalv5
    cpe:/a:redhat:quarkus:2.13
    Range: 2.13.8.Final-redhat-00004
  • ghsa-coords
    Range: < 2.16.8.Final

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.