Home > Vulnerability Database > CVE-2023-0813

Mend.io Vulnerability Database

CVE-2023-0813

Date: September 15, 2023

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

Language: Go

Severity Score

7.5

Related Resources (5)

Url: https://access.redhat.com/errata/RHSA-2023:0786

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-0813

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2169468

Url: https://access.redhat.com/security/cve/CVE-2023-0813

Url: https://www.mend.io/vulnerability-database/CVE-2023-0813

Severity Score

7.5

Weakness Type (CWE)

Authentication Issues

CWE-287

Improper Authorization

CWE-285

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-0813

Date: September 15, 2023

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?