Vulnerabilities > CVE-2023-4456 - Unspecified vulnerability in Redhat Openshift Logging

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

redhat

NVD

Published: 2023-08-21

Updated: 2023-11-07

Summary

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Openshift Logging *	1

References

https://access.redhat.com/security/cve/CVE-2023-4456
https://bugzilla.redhat.com/show_bug.cgi?id=2233087
https://access.redhat.com/errata/RHSA-2023:4933
https://access.redhat.com/errata/RHSA-2023:5096
https://access.redhat.com/errata/RHSA-2023:5095