CVE-2023-3089: 
Podman vulnerability analysis and mitigation

A compliance issue was discovered in the Red Hat OpenShift Container Platform where not all cryptographic modules were FIPS-validated when FIPS mode was enabled. The vulnerability was assigned CVE-2023-3089 and was first reported in June 2023. This affected multiple versions of Red Hat OpenShift Container Platform, including versions 4.10, 4.11, 4.12, and 4.13 (Red Hat Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) by NIST with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while Red Hat assessed it with a score of 7.0 (HIGH) with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L. The issue specifically relates to cryptographic compliance when FIPS mode is enabled (NVD).

When FIPS mode was enabled in the affected systems, some cryptographic modules in use were not FIPS-validated, potentially compromising the system's compliance with federal security standards. This could affect organizations required to maintain FIPS compliance for their operations (Red Hat Advisory).

Red Hat has addressed this vulnerability through multiple security advisories and patches across their product line. Updates have been released for OpenShift Container Platform versions 4.10 through 4.14, as well as related products such as OpenShift Service Mesh, Advanced Cluster Management for Kubernetes, and OpenShift Data Foundation (Red Hat Bugzilla).