CVE-2023-4456 MEDIUM

CVE-2023-4456: Openshift-logging: lokistack authorisation is cached too broadly

Weakness CWE-1220
Published August 21, 2023
Last update November 20, 2025

CVSS base score

5.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
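The cache-key flaw described above, reduced to a hypothetical in-memory decision cache in Go. This is an added example, not code from openshift-logging or LokiStack; `Request`, `DecisionCache`, the read-only policy and the sample token are constructed for illustration. It shows a token-only key letting a cached "get" decision answer a later "create", and a key that also covers verb and resource forcing a fresh check.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"strings"
)

// Request is a hypothetical authorization request; field names are assumptions.
type Request struct{ Token, Verb, Resource string }

// DecisionCache memoizes allow/deny results under the key that keyFn derives.
type DecisionCache struct {
	decisions map[string]bool
	keyFn     func(Request) string
	check     func(Request) bool // the real (slow) authorization check
}

func (c *DecisionCache) Allowed(r Request) bool {
	k := c.keyFn(r)
	if v, ok := c.decisions[k]; ok {
		return v // cache hit: the backend check is skipped
	}
	v := c.check(r)
	c.decisions[k] = v
	return v
}

// digest hashes the NUL-joined parts (assumes no part contains a NUL byte).
func digest(parts ...string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(strings.Join(parts, "\x00"))))
}

// TokenOnlyKey reproduces the flaw: every action by a token shares one entry.
func TokenOnlyKey(r Request) string { return digest(r.Token) }
// ScopedKey binds the cached decision to the verb and resource it was made for.
func ScopedKey(r Request) string { return digest(r.Token, r.Verb, r.Resource) }
// readOnly is a constructed policy: the sample token may only "get".
func readOnly(r Request) bool { return r.Token == "sample-token" && r.Verb == "get" }

// CreateAfterGet caches a permitted "get", then asks for an unpermitted "create".
func CreateAfterGet(keyFn func(Request) string) bool {
	c := &DecisionCache{map[string]bool{}, keyFn, readOnly}
	c.Allowed(Request{"sample-token", "get", "logs"})
	return c.Allowed(Request{"sample-token", "create", "logs"})
}

func main() {
	fmt.Println("token-only:", CreateAfterGet(TokenOnlyKey), "scoped:", CreateAfterGet(ScopedKey))
}
```

A regression test for this class of bug issues two different actions with the same token and asserts that the second one reaches the backend check.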

Key dates

02 Disclosure timeline

August 21, 2023 CVE published
November 20, 2025 Record updated