In Red Hat Advanced Cluster Security (RHACS), some security-related HTTP headers were found to be missing, which allows a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-12T10:02:33.672Z

Updated: 2024-08-02T07:44:53.761Z

Reserved: 2023-09-14T08:06:30.272Z

Link: CVE-2023-4958

NVD

Status: Modified

Published: 2023-12-12T10:15:10.853

Modified: 2024-05-03T16:15:11.227

Link: CVE-2023-4958

Red Hat

Severity: Moderate

Public Date: 2022-06-02T22:40:00Z

Links: CVE-2023-4958 - Bugzilla