OpenSSL v3 CRITICAL Vulnerability Disclosed

Panoptica Support for OpenSSL CRITICAL Vulnerability

On October 25, the OpenSSL project team announced a new release, OpenSSL version 3.0.7, which will be available on Tuesday, November 1, between 13:00 and 17:00 UTC.

This new version will fix a NEW CRITICAL security vulnerability affecting OpenSSL versions 3.0 through 3.0.6 (inclusive). According to the OpenSSL severity policy, critical severity is assigned when an issue affects common configurations and is also likely to be exploitable.

Examples include significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities that can easily be exploited remotely to compromise a server's private keys, or where remote code execution is considered likely in common situations.
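To spot-check a single host or container image by hand against the affected range stated above, the output of `openssl version` can be classified as follows. This is an added example, not Panoptica or OpenSSL project code; the function name `classify_openssl` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# classify_openssl "<one line of `openssl version` output>"
# Prints AFFECTED (3.0 through 3.0.6), NOT_AFFECTED, or UNKNOWN.
classify_openssl() {
    line=$1
    # OpenSSL 3.x prints the CLI build and the loaded library separately:
    #   OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)
    # The library is what carries the fix, so prefer it when present.
    case $line in
        *"(Library: OpenSSL "*) line=${line#*"(Library: "} ;;
    esac
    case $line in
        "OpenSSL "*) ver=${line#OpenSSL } ;;
        *) echo UNKNOWN; return 0 ;;      # not OpenSSL output (e.g. LibreSSL)
    esac
    ver=${ver%% *}                        # "3.0.2", "1.1.1f", "3.0.7-dev"
    case $ver in
        *-*) echo UNKNOWN; return 0 ;;    # pre-release/dev build: review by hand
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}               # drop letter suffix such as the "f" in 1.1.1f
    case "$major.$minor.$patch" in
        3.0.[0-6])            echo AFFECTED ;;
        [0-9]*.[0-9]*.[0-9]*) echo NOT_AFFECTED ;;
        *)                    echo UNKNOWN ;;
    esac
}

# Constructed sample lines. On a real host: classify_openssl "$(openssl version)"
while IFS= read -r sample; do
    printf '%-13s %s\n' "$(classify_openssl "$sample")" "$sample"
done <<'EOF'
OpenSSL 1.1.1f  31 Mar 2020
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
EOF
```

Distribution packages can carry a backported fix without changing the upstream version string, so confirm an AFFECTED result against the package vendor's advisory. The check also only sees the system `openssl` binary and its library, not copies bundled or statically linked into other applications.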

Panoptica alerts on all vulnerable assets, including compute and containers, on the Vulnerabilities page with the CVE ID of CVE-OPENSSL-UNDISCLOSED.

Follow these steps to locate all your vulnerable assets:

  • Log in to the Panoptica platform
  • Go to the Vulnerabilities page
  • If there are vulnerable assets, click on the result row
  • A side panel opens with the full Details and Assets list

We recommend prioritizing the impacted assets in the following order:

  • Public assets
  • Assets with sensitive data
  • All other assets (non-public, less sensitive, etc.)