CVE-2023-0813

Published: Sep 15, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

Affected (1)

Products: Redhat: Network Observability

1 product

Network Observability

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Network Observability	Version 1.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 8.0

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

https://access.redhat.com/errata/RHSA-2023:0786

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-0813

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2169468

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/errata/RHSA-2023:0786

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-0813

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2169468

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.