Lucene search
Redhat.comRH:CVE-2023-4456HistoryAug 21, 2023 - 2:22 p.m.
CVE-2023-4456
2023-08-2114:22:55
redhat.com
access.redhat.com
13
flaw
lokistack
caching
authorization
unauthorized actions
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
47.8%
A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Related
cvelist
cvelist
cve
cve
CVE-2023-4456
2023-08-21 17:15:50
prion
prion
Authorization
2023-08-21 17:15:00
vulnrichment
vulnrichment
nvd
nvd
CVE-2023-4456
2023-08-21 17:15:50
redhat
redhat
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
47.8%
Related for RH:CVE-2023-4456