Skip to content

Commit

Permalink
Update documentation/modules/rn-2.5.adoc
Browse files Browse the repository at this point in the history
  • Loading branch information
anarnold97 authored Feb 18, 2024
1 parent ff94f1d commit 925a4f3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion documentation/modules/rn-2.5.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ This release has the following resolved issues:

.Flaw was found in jsrsasign package which is vulnerable to Observable Discrepancy

Versions of the package `jsrsasign` before 11.0.0, used in previous releases of {project-short}, are vulnerable to Observable Discrepancy in the RSA PKCS1.5 or RSA-OAEP decryption process. This discrepancy means an attacker could decrypt ciphertexts by exploiting this vulnerability. However, exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. This issue has been resolved in {project-short} 2.5.5 by upgrading the package 'jsrasign` to version 11.0.0.
Versions of the package `jsrsasign` before 11.0.0, used in previous releases of {project-short}, are vulnerable to Observable Discrepancy in the RSA PKCS1.5 or RSA-OAEP decryption process. This discrepancy means an attacker could decrypt ciphertexts by exploiting this vulnerability. However, exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. This issue has been resolved in {project-short} 2.5.5 by upgrading the package `jsrasign` to version 11.0.0.

For more information, see link:https://access.redhat.com/security/cve/CVE-2024-21484[CVE-2024-21484].

Expand Down

0 comments on commit 925a4f3

Please sign in to comment.