A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.
History
Wed, 25 Sep 2024 14:30:00 +0000

Type | Values Removed | Values Added |
---|---|---|
Metrics | | ssvc |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-09-15T20:17:41.914Z
Updated: 2024-09-25T13:35:54.194Z
Reserved: 2023-02-13T16:49:21.409Z
Link: CVE-2023-0813
Vulnrichment
Updated: 2024-08-02T05:24:34.543Z
NVD
Status: Modified
Published: 2023-09-15T21:15:08.953
Modified: 2024-11-21T07:37:53.203
Link: CVE-2023-0813
Redhat