CVE-2023-0813
CVE-2023-0813 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication. EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Network Observability | 1.0 |
References
- https://access.redhat.com/errata/RHSA-2023:0786 (Vendor Advisory)
- https://access.redhat.com/security/cve/CVE-2023-0813 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2169468 (Issue Tracking, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
