CVE-2023-50782 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Affected Products (NVD)

Vendor	Product	Version
redhat	ansible_automation_platform	2.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
cryptography.io	cryptography	𝑥 < 42.0.0
couchbase	couchbase_server	7.6.0
couchbase	couchbase_server	7.6.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-cryptography

bookworm	ignored
bookworm (security)	vulnerable
bullseye	ignored
bullseye (security)	vulnerable
buster	no-dsa
sid	43.0.0-1 fixed
trixie	43.0.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

python-cryptography

bionic	Fixed 2.1.4-1ubuntu1.4+esm1 released
focal	Fixed 2.8-3ubuntu0.3 released
jammy	Fixed 3.4.8-1ubuntu2.2 released
lunar	ignored
mantic	Fixed 38.0.4-4ubuntu0.23.10.2 released
noble	not-affected
trusty	ignored
xenial	Fixed 1.2.3-1ubuntu0.3+esm1 released

Common Weakness Enumeration

CWE-385 - Covert Timing Channel
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
CWE-203 - Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References

https://access.redhat.com/security/cve/CVE-2023-50782

https://bugzilla.redhat.com/show_bug.cgi?id=2254432

https://access.redhat.com/security/cve/CVE-2023-50782

https://bugzilla.redhat.com/show_bug.cgi?id=2254432

https://www.couchbase.com/alerts/