PT-2023-31264 · Red Hat · Red Hat Advanced Cluster Security

Jeremy Choi

Publicado

2023-12-12

Atualizado

2024-05-03

CVE-2023-4958

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Red Hat Advanced Cluster Security (RHACS) (affected versions not specified)

Description The issue is related to missing security-related HTTP headers in Red Hat Advanced Cluster Security (RHACS), which could allow an attacker to perform a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page that deceptively points to valid RHACS endpoints, potentially hijacking the user's account permissions to perform other actions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Clickjacking

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1021

Identificadores relacionados

CVE-2023-4958

Produtos afetados

Red Hat Advanced Cluster Security

PT-2023-31264 · Red Hat · Red Hat Advanced Cluster Security

CVE-2023-4958

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8