Configuration in Network Observability plugin for the Openshift Console - CVE-2023-0813

 

Configuration in Network Observability plugin for the Openshift Console - CVE-2023-0813

Published: February 16, 2023


Vulnerability identifier: #VU72322
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-0813
CWE-ID: CWE-16
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: NetObserv
Affected software:
Network Observability plugin for the Openshift Console

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to an error in the authentication implementation. Setting Loki authToken configuration to DISABLE or HOST modes disables authentication. As a result, a remote attacker can gain unauthorized access to the OpenShift Console in an OpenShift cluster and obtain sensitive information.


How to mitigate CVE-2023-0813

Install updates from vendor's website.

Sources