CVE-2023-50782 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
redhat	ansible_automation_platform	2.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
cryptography.io	cryptography	𝑥 < 42.0.0
couchbase	couchbase_server	7.6.0
couchbase	couchbase_server	7.6.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-cryptography

bookworm	ignored
bookworm (security)	vulnerable
bullseye	ignored
bullseye (security)	vulnerable
buster	no-dsa
sid	43.0.0-1 fixed
trixie	43.0.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

python-cryptography

bionic	Fixed 2.1.4-1ubuntu1.4+esm1 released
focal	Fixed 2.8-3ubuntu0.3 released
jammy	Fixed 3.4.8-1ubuntu2.2 released
lunar	ignored
mantic	Fixed 38.0.4-4ubuntu0.23.10.2 released
noble	not-affected
trusty	ignored
xenial	Fixed 1.2.3-1ubuntu0.3+esm1 released

Common Weakness Enumeration

CWE-203 - Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References

https://access.redhat.com/security/cve/CVE-2023-50782

https://bugzilla.redhat.com/show_bug.cgi?id=2254432

https://access.redhat.com/security/cve/CVE-2023-50782

https://bugzilla.redhat.com/show_bug.cgi?id=2254432

https://www.couchbase.com/alerts/