Main Vulnerability Database Vulnerabilities #VU72322

Configuration in Network Observability plugin for the Openshift Console - CVE-2023-0813

Published: February 16, 2023

Vulnerability identifier: #VU72322

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-0813

CWE-ID: CWE-16

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Network Observability plugin for the Openshift Console

Software vendor:
NetObserv

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to an error in the authentication implementation. Setting Loki authToken configuration to DISABLE or HOST modes disables authentication. As a result, a remote attacker can gain unauthorized access to the OpenShift Console in an OpenShift cluster and obtain sensitive information.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=2169468

Configuration in Network Observability plugin for the Openshift Console - CVE-2023-0813

Description

Remediation

External links

Please verify you're human