Main Vulnerability Database SB2023021624

SB2023021624 - Missing authentication in NetObserv Network Observability plugin for the Openshift Console

Published: February 16, 2023

Security Bulletin ID SB2023021624

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Configuration (CVE-ID: CVE-2023-0813)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to an error in the authentication implementation. Setting Loki authToken configuration to DISABLE or HOST modes disables authentication. As a result, a remote attacker can gain unauthorized access to the OpenShift Console in an OpenShift cluster and obtain sensitive information.

Remediation

Install update from vendor's website.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2169468