CVE-2023-0813 HIGH

CVE-2023-0813: Network-observability-console-plugin-container: setting loki authtoken configuration to disable or host mode leads to authentication longer being enforced

Weakness CWE-285

Published September 15, 2023

Last update September 25, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

Key dates

02Disclosure timeline

September 15, 2023 CVE published

September 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0813

Related vulnerabilities

CVE-2023-0813: Network-observability-console-plugin-container: setting loki authtoken configuration to disable or host mode leads to authentication longer being enforced

01Description

02Disclosure timeline

03References

04Related CVE