PT-2023-5466 · Red Hat · 3Scale Admin Portal
Sandipan Roy · Published 2023-09-12 · Updated 2023-12-13 · CVE-2023-4910
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
3Scale Admin Portal (affected versions not specified)
Description
A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache, potentially disclosing protected information to an attacker.
Recommendations
As a temporary workaround, consider clearing the browser cache after logging out from the personal tokens page to minimize the risk of exploitation.
Restrict access to the personal tokens page until a patch is available.
Avoid using the back button in the browser after logging out from the personal tokens page until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exposure of Resource to Wrong Sphere
Affected Products
3Scale Admin Portal