{
  "threat_severity" : "Moderate",
  "public_date" : "2023-06-29T00:00:00Z",
  "bugzilla" : {
    "description" : "quarkus-core: TLS protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported TLS protocol",
    "id" : "2211026",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2211026"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-757",
  "details" : [ "A vulnerability was found in quarkus-core. The TLS protocol configured with quarkus.http.ssl.protocols is not enforced, so a client can force the selection of a weaker supported TLS protocol.", "A vulnerability was found in quarkus-core. The TLS protocol configured with quarkus.http.ssl.protocols is not enforced, so a client can force the selection of a weaker supported TLS protocol." ],
  "acknowledgement" : "This issue was discovered by Alexander Schwartz (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat build of Quarkus 2.13.8.Final",
    "release_date" : "2023-06-29T00:00:00Z",
    "advisory" : "RHSA-2023:3809",
    "cpe" : "cpe:/a:redhat:quarkus:2.13::el8",
    "package" : "io.quarkus/quarkus-grpc:2.13.8.Final-redhat-00004"
  }, {
    "product_name" : "Red Hat build of Quarkus 2.13.8.Final",
    "release_date" : "2023-06-29T00:00:00Z",
    "advisory" : "RHSA-2023:3809",
    "cpe" : "cpe:/a:redhat:quarkus:2.13::el8",
    "package" : "io.quarkus/quarkus-vertx-http:2.13.8.Final-redhat-00004"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-2974\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2974" ],
  "name" : "CVE-2023-2974",
  "csaw" : false
}