A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:7676 | |
https://access.redhat.com/security/cve/CVE-2023-4586 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2235564 | Issue Tracking Third Party Advisory |
Configurations
History
06 Dec 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Dec 2023, 14:49
Type | Values Removed | Values Added |
---|---|---|
CPE |
06 Nov 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Oct 2023, 13:29
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2235564 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-4586 - Third Party Advisory | |
References | (MISC) https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1042268 - Issue Tracking, Third Party Advisory | |
First Time |
Infinispan
Redhat data Grid Redhat Netty Infinispan hot Rod Netty netty |
|
CWE | CWE-295 | |
CPE | cpe:2.3:a:redhat:data_grid:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* cpe:2.3:a:infinispan:hot_rod:-:*:*:*:*:*:*:* |
04 Oct 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-04 11:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4586
Mitre link : CVE-2023-4586
CVE.ORG link : CVE-2023-4586
JSON object : View
Products Affected
infinispan
- hot_rod
redhat
- data_grid