CVE-2023-2974

Summary

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat build of Quarkus 2.13.8.Final2.13.8.Final-redhat-00004 < *unaffected
Red HatRed Hat build of Quarkus 2.13.8.Final2.13.8.Final-redhat-00004 < *unaffected

Weaknesses

  • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

ADP Enrichment

CVE Program Container

Additional References

References