Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-0813 |
CWE-ID | CWE-16 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Network Observability plugin for the Openshift Console (Web applications / Modules and components for CMS) |
Vendor | NetObserv |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU72322
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0813
CWE-ID: CWE-16 - Configuration
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to an error in the authentication implementation. Setting Loki authToken configuration to DISABLE or HOST modes disables authentication. As a result, a remote attacker can gain unauthorized access to the OpenShift Console in an OpenShift cluster and obtain sensitive information.
Install updates from vendor's website.
Vulnerable software versions
Network Observability plugin for the Openshift Console: 0.1.0 - 0.1.8
External links
http://bugzilla.redhat.com/show_bug.cgi?id=2169468
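A configuration audit for the condition described above, added here as an example and not taken from the vendor or the NetObserv project. It assumes the setting is exposed as `spec.loki.authToken` on `FlowCollector` resources and that the input is JSON shaped like the output of `oc get flowcollector -o json`; the sample data, the function names and the "unset" handling are constructed for illustration.

```python
import json

# Modes the advisory names as disabling authentication. "DISABLED" is accepted
# as an assumed spelling variant of the advisory's "DISABLE".
RISKY_MODES = {"DISABLE", "DISABLED", "HOST"}
AFFECTED_RANGE = ((0, 1, 0), (0, 1, 8))  # affected versions per the advisory


def parse_version(text):
    """Turn '0.1.8' or 'v0.1.8' into a comparable tuple; None if unparseable."""
    try:
        return tuple(int(part) for part in text.lstrip("v").split("."))
    except (AttributeError, ValueError):
        return None


def audit(doc, plugin_version=None):
    """Return a finding for each FlowCollector whose authToken mode needs action."""
    version = parse_version(plugin_version)
    in_range = None if version is None else (
        AFFECTED_RANGE[0] <= version <= AFFECTED_RANGE[1])
    findings = []
    for item in doc.get("items", [doc]):  # accept a List or a single object
        if item.get("kind") != "FlowCollector":
            continue
        # Assumed field path: spec.loki.authToken
        mode = ((item.get("spec") or {}).get("loki") or {}).get("authToken")
        if mode is None:
            status = "unset"  # effective mode depends on the default: review it
        elif str(mode).upper() in RISKY_MODES:
            status = "risky"
        else:
            continue
        findings.append({"name": item.get("metadata", {}).get("name"),
                         "mode": mode, "status": status,
                         "affected_version": in_range})
    return findings


# Constructed sample, shaped like `oc get flowcollector -o json` output.
SAMPLE = json.loads("""{"kind": "List", "items": [
  {"kind": "FlowCollector", "metadata": {"name": "a"}, "spec": {"loki": {"authToken": "HOST"}}},
  {"kind": "FlowCollector", "metadata": {"name": "b"}, "spec": {"loki": {"authToken": "FORWARD"}}},
  {"kind": "FlowCollector", "metadata": {"name": "c"}, "spec": {"loki": {}}}
]}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE, plugin_version="0.1.8"):
        print(finding)
```

A finding with `affected_version` set to `None` means no parseable plugin version was supplied, so the version range from this bulletin could not be checked.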
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.