Moderate severity · NVD Advisory · Published Jul 4, 2023 · Updated Aug 2, 2024
Quarkus-core: TLS protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported TLS protocol
CVE-2023-2974
Description
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.quarkus:quarkus-core (Maven) | < 2.16.8.Final | 2.16.8.Final |
Affected products
- Red Hat/Red Hat build of Quarkus 2.13.8.Final · v5 · cpe:/a:redhat:quarkus:2.13 · Range: 2.13.8.Final-redhat-00004
References
- access.redhat.com/errata/RHSA-2023:3809 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-3fhx-3vvg-2j84 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-2974 (ghsa, ADVISORY)
- access.redhat.com/security/cve/CVE-2023-2974 (ghsa, vdb-entry, x_refsource_REDHAT, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, issue-tracking, x_refsource_REDHAT, WEB)
- github.com/quarkusio/quarkus/commit/468397ae53a8d6aae933d0d406f94965e97d1935 (ghsa, WEB)
- github.com/quarkusio/quarkus/pull/34469 (ghsa, WEB)