A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
| Vendor | Product | Versions |
|---|---|---|
| n | a / openshift | 4.12.0 |
| Red Hat | OpenShift Serverless | unspecified |
| Red Hat | OpenShift Service Mesh 2.2.x | unspecified |
| Red Hat | OpenShift Service Mesh 2.3.x | unspecified |
| Red Hat | OpenShift Service Mesh 2.4 | unspecified |
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 | unspecified |
| Red Hat | Red Hat JBoss A | MQ Streams — unspecified |
| Red Hat | Red Hat OpenShift Container Platform 3.11 | unspecified |
| Red Hat | Red Hat OpenShift Container Platform 4 | unspecified |
| Red Hat | Red Hat OpenShift Container Platform 4 | unspecified |
| Red Hat | Red Hat OpenShift Container Platform 4 | unspecified |
| Red Hat | Red Hat Openshift Data Foundation 4 | unspecified |
| Red Hat | Red Hat Openshift sandboxed containers | unspecified |
| Red Hat | Red Hat OpenShift Virtualization 4 | unspecified |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.