CVE-2023-50782

CVSS v3.1 7.5 (High)

EPSS 0.10 % (41^th)

Affected Products 5

Advisories 2

NVD Status Analyzed

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Weaknesses

CWE-203: Observable Discrepancy
CWE-208: Observable Timing Discrepancy

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: Red Hat, Inc.
Published Date: 2024-02-05 21:15:11
(7 months ago)
Updated Date: 2024-09-05 16:43:20
(2 days ago)

Affected Products

Couchbase

Couchbase Server

Cryptography.io

Cryptography

Redhat

Configuration #1

		CPE23	From	Up To
	Redhat Ansible Automation Platform 2.0	cpe:2.3:a:redhat:ansible_automation_platform:2.0

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0
	Redhat Enterprise Linux 9.0	cpe:2.3:o:redhat:enterprise_linux:9.0

Configuration #3

		CPE23	From	Up To
	Redhat Update Infrastructure 4	cpe:2.3:a:redhat:update_infrastructure:4

Configuration #4

		CPE23	From	Up To
	Cryptography.io Cryptography for Python prior 42.0.0 version	cpe:2.3:a:cryptography.io:cryptography::::::python		< 42.0.0

Configuration #5

		CPE23	From	Up To
	Couchbase Server 7.6.0	cpe:2.3:a:couchbase:couchbase_server:7.6.0
	Couchbase Server 7.6.1	cpe:2.3:a:couchbase:couchbase_server:7.6.1