Back to bug 2211026
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-05-30 10:14:24 UTC | CC | security-response-team | |
| Sandipan Roy | 2023-05-30 10:21:00 UTC | Summary | EMBARGOED CVE-2023-2974 quarkus-core: TLS protocol configured with quarkus.http.ssl.protocols is not enforced, the client can force the selection of the weaker supported TLS protocol | EMBARGOED CVE-2023-2974 quarkus-core: TLS protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported TLS protocol |
| Sandipan Roy | 2023-05-30 10:21:12 UTC | Blocks | 2211028 | |
| Sandipan Roy | 2023-06-15 04:46:34 UTC | Severity | high | medium |
| Priority | high | medium | ||
| Sandipan Roy | 2023-06-26 06:36:19 UTC | Doc Text | A vulnerbility was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, the client can force the selection of the weaker supported TLS protocol. | |
| Sandipan Roy | 2023-06-26 06:36:30 UTC | Doc Text | A vulnerbility was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, the client can force the selection of the weaker supported TLS protocol. | A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, the client can force the selection of the weaker supported TLS protocol. |
| RaTasha Tillery-Smith | 2023-06-26 12:58:47 UTC | Doc Text | A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, the client can force the selection of the weaker supported TLS protocol. | A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol. |
| Chess Hazlett | 2023-06-29 04:31:46 UTC | Group | qe_staff, security | |
| Summary | EMBARGOED CVE-2023-2974 quarkus-core: TLS protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported TLS protocol | CVE-2023-2974 quarkus-core: TLS protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported TLS protocol | ||
| CC | tqvarnst | |||
| errata-xmlrpc | 2023-06-29 11:09:57 UTC | Link ID | Red Hat Product Errata RHSA-2023:3809 | |
| Product Security DevOps Team | 2023-06-29 16:18:15 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-06-29 16:18:15 UTC | |||
| Sandipan Roy | 2023-07-04 13:09:22 UTC | Fixed In Version | Quarkus 2.13.8 | |
| TEJ RATHI | 2023-07-17 04:50:50 UTC | Fixed In Version | Quarkus 2.13.8 | quarkus 2.13.8 |
Back to bug 2211026