A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 30 Aug 2025 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T11:47:20.130Z

Reserved: 2023-08-21T11:46:25.407Z

Link: CVE-2023-4456

cve-icon Vulnrichment

Updated: 2024-08-02T07:31:05.461Z

cve-icon NVD

Status : Modified

Published: 2023-08-21T17:15:50.283

Modified: 2024-11-21T08:35:12.040

Link: CVE-2023-4456

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-08-21T00:00:00Z

Links: CVE-2023-4456 - Bugzilla

cve-icon OpenCVE Enrichment

No data.