Vulnerability Monitor

CVE-2023-0813


A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.


Published

2023-09-15T21:15:08.953

Last Modified

2024-11-21T07:37:53.203

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-285
  • Type: Primary
    CWE-287

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|------|--------|---------|---------------|-------------|
| Application | redhat | network_observability | 1.0 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | No |
