A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.
History

Wed, 25 Sep 2024 14:30:00 +0000

Type: Metrics
Values Removed:
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-15T20:17:41.914Z

Updated: 2024-09-25T13:35:54.194Z

Reserved: 2023-02-13T16:49:21.409Z

Link: CVE-2023-0813

Vulnrichment

Updated: 2024-08-02T05:24:34.543Z

NVD

Status: Modified

Published: 2023-09-15T21:15:08.953

Modified: 2024-05-03T16:15:09.690

Link: CVE-2023-0813

Redhat

Severity: Important

Public Date: 2023-02-13T00:00:00Z

Links: CVE-2023-0813 - Bugzilla