Lucene search

[email protected]CVE-2023-0456

HistorySep 27, 2023 - 3:16 p.m.

CVE-2023-0456

2023-09-2715:16:03

CWE-862

CWE-285

[email protected]

web.nvd.nist.gov

cve-2023-0456

apicast

3scale

oidc

security flaw

unauthorized access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

A flaw was found in APICast, when 3Scale’s OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.

CPENameOperatorVersion
redhat:apicastredhat apicastlt2.12.2
redhat:apicastredhat apicasteq2.0.0
redhat:apicastredhat apicastlt2.13.2

CPE	Name	Operator	Version
redhat:apicast	redhat apicast	lt	2.12.2
redhat:apicast	redhat apicast	eq	2.0.0
redhat:apicast	redhat apicast	lt	2.13.2

References

access.redhat.com/security/cve/CVE-2023-0456

bugzilla.redhat.com/show_bug.cgi?id=2163586

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

Related for CVE-2023-0456

redhatcve1 prion1 cvelist1