CVE-2023-50782 HIGH

CVE-2023-50782: python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659

Vendor Red Hat
Product Red Hat Ansible Automation Platform 2
Weakness CWE-203
Published February 5, 2024
Last update March 24, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

Description

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Key dates

Disclosure timeline

February 5, 2024 CVE published
March 24, 2026 Record updated