CVE-2023-0813

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
redhatCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
redhatnetwork_observability
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:0786
https://access.redhat.com/security/cve/CVE-2023-0813
https://bugzilla.redhat.com/show_bug.cgi?id=2169468
https://access.redhat.com/errata/RHSA-2023:0786
https://access.redhat.com/security/cve/CVE-2023-0813
https://bugzilla.redhat.com/show_bug.cgi?id=2169468