How severe is CVE-2023-0296?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-0296?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2023-0296 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.

Related Vulnerabilities

CVE-2018-18587

MEDIUM

CVSS:5.3(Medium)

BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash.

CWE-3272018

CVE-2018-1996

MEDIUM

CVSS:5.3(Medium)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obt...

CWE-3272018

CVE-2019-4325

MEDIUM

CVSS:5.3(Medium)

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."

CWE-3272019

CVE-2019-5135

MEDIUM

CVSS:5.3(Medium)

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes u...

CWE-3272019

CVE-2019-9836

MEDIUM

CVSS:5.3(Medium)

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic impl...

CWE-3272019

CVE-2020-1596

MEDIUM

CVSS:5.3(Medium)

<p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise ...

CWE-3272020