PT-2023-29271 · Red Hat · Openshift-Logging Lokistack

Avinash Hanwate

Publicado

2023-08-21

Atualizado

2023-09-20

CVE-2023-4456

CVSS v3.1

5.7

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions openshift-logging LokiStack (affected versions not specified)

Description A flaw was found in openshift-logging LokiStack, where the key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1220

Identificadores relacionados

CVE-2023-4456

Produtos afetados

Openshift-Logging Lokistack

PT-2023-29271 · Red Hat · Openshift-Logging Lokistack

CVE-2023-4456

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8