CVE-2023-0813 Information

Description

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2169468
https://access.redhat.com/security/cve/CVE-2023-0813
https://access.redhat.com/errata/RHSA-2023:0786

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
