CVE-2023-0456

Published: Sep 27, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.

Affected (2)

Products: Redhat: Apicast

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Apicast	Before 2.12.2
Redhat Apicast	From 2.13.0 to 2.13.2

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://access.redhat.com/security/cve/CVE-2023-0456

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2163586

Source: secalert@redhat.com

ExploitIssue TrackingVendor Advisory

https://access.redhat.com/security/cve/CVE-2023-0456

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2163586

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.