CVE-2023-4910 MEDIUM

CVE-2023-4910: 3scale-admin-portal: logged out users tokens can be accessed

Vendor: Red Hat
Product: Red Hat 3scale API Management Platform 2
Weakness: CWE-668
Published: November 6, 2023
Last update: November 20, 2025

CVSS base score

5.5/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

A flaw was found in the 3scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.

Key dates

02 Disclosure timeline

November 6, 2023: CVE published
November 20, 2025: Record updated