First published: Mon Feb 13 2023
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, the plugin does not enforce authentication on flow queries, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve network flows without authenticating.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Network Observability | =1.0 | Set the Loki authToken configuration to FORWARD mode |
Red Hat Enterprise Linux | =8.0 | Set the Loki authToken configuration to FORWARD mode |
All of: Red Hat Network Observability running on Red Hat Enterprise Linux | =1.0 with =8.0 | Set the Loki authToken configuration to FORWARD mode |
CVE-2023-0813 has been categorized as a medium severity vulnerability due to improper authentication enforcement.
To mitigate CVE-2023-0813, set the Loki authToken configuration of the Network Observability FlowCollector resource to FORWARD mode. In FORWARD mode the plugin passes each caller's own token through to Loki instead of querying with a shared plugin identity, so every flow query is authenticated and authorized per user. In the other modes (DISABLED, or HOST, which uses the plugin's own service-account token) the plugin's query endpoint answers any console user. FORWARD mode only helps when Loki sits behind a gateway that validates the forwarded token, such as the LokiStack deployed by the Loki Operator; a plain Loki instance with no authentication in front of it will still answer every query.
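The check and the fix described above, as an added example that is not code from the Network Observability project: a small audit script that takes a FlowCollector resource in the JSON form `oc get flowcollector cluster -o json` would return, reports whether the Loki authToken setting leaves the plugin unauthenticated, and produces the corrected resource and the matching `oc patch` command. It assumes the 1.0 FlowCollector exposes the setting at `spec.loki.authToken` with values DISABLED, HOST and FORWARD, and that an absent field means the DISABLED default (both assumptions; confirm against your installed CRD with `oc explain flowcollector.spec.loki`). The two resources, one weak and one hardened, are constructed inline so the script runs offline.

```python
"""Audit a FlowCollector resource for the CVE-2023-0813 mitigation.

Added example, not Network Observability project code. Assumes (not verified
here) that the 1.0 FlowCollector custom resource keeps the Loki setting at
spec.loki.authToken with values DISABLED, HOST or FORWARD, and that a missing
field behaves as DISABLED.
"""
import json

ACCEPTED_MODE = "FORWARD"                       # the only mode that authenticates per user
KNOWN_MODES = {"DISABLED", "HOST", "FORWARD"}   # assumed enum for the 1.0 CRD


def audit_flowcollector(doc: dict) -> list:
    """Return a list of findings; an empty list means the mitigation is in place."""
    findings = []
    name = doc.get("metadata", {}).get("name", "<unnamed>")
    loki = doc.get("spec", {}).get("loki")
    if not isinstance(loki, dict):
        findings.append(f"{name}: spec.loki is missing, so the default authToken "
                        f"(assumed DISABLED) applies; flows are served without authentication")
        return findings
    mode = loki.get("authToken")
    if mode is None:
        findings.append(f"{name}: spec.loki.authToken not set; default (assumed DISABLED) "
                        f"serves flows to any console user")
    elif mode not in KNOWN_MODES:
        findings.append(f"{name}: unrecognised authToken value {mode!r}; verify against the CRD")
    elif mode != ACCEPTED_MODE:
        findings.append(f"{name}: authToken is {mode}; the plugin queries Loki with a shared "
                        f"identity and does not authenticate the caller; set FORWARD")
    return findings


def remediate(doc: dict) -> dict:
    """Return a deep copy of the resource with authToken forced to FORWARD."""
    fixed = json.loads(json.dumps(doc))  # cheap deep copy of a JSON-shaped dict
    fixed.setdefault("spec", {}).setdefault("loki", {})["authToken"] = ACCEPTED_MODE
    return fixed


def patch_command(name: str) -> str:
    """The oc merge-patch that applies the same change to a live cluster."""
    patch = json.dumps({"spec": {"loki": {"authToken": ACCEPTED_MODE}}})
    return f"oc patch flowcollector {name} --type=merge -p '{patch}'"


# Constructed sample resources (not captured from a real cluster).
WEAK = {
    "apiVersion": "flows.netobserv.io/v1alpha1",
    "kind": "FlowCollector",
    "metadata": {"name": "cluster"},
    "spec": {"loki": {"url": "http://loki.netobserv.svc:3100/", "authToken": "DISABLED"}},
}
HARDENED = {
    "apiVersion": "flows.netobserv.io/v1alpha1",
    "kind": "FlowCollector",
    "metadata": {"name": "cluster"},
    "spec": {"loki": {"url": "https://lokistack-gateway-http.netobserv.svc:8080/api/logs/v1/network/",
                      "authToken": "FORWARD"}},
}

if __name__ == "__main__":
    for doc in (WEAK, HARDENED):
        findings = audit_flowcollector(doc)
        print(doc["metadata"]["name"], "->", findings or ["OK: authToken is FORWARD"])
    print(patch_command("cluster"))
```

The audit treats an absent field as a finding rather than silently passing, because the unauthenticated default is exactly the state this CVE describes. Pair the setting change with a check that the Loki URL really points at an authenticating gateway, as in the hardened sample, since FORWARD against an open Loki endpoint changes nothing.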
CVE-2023-0813 affects users of Network Observability 1.0, specifically the console plugin it installs into the OpenShift Console.
The potential impact of CVE-2023-0813 includes unauthorized retrieval of flow data by users who can access the OpenShift Console.
Yes, CVE-2023-0813 is exploitable over the network by any user who can connect to the OpenShift Console; no elevated cluster privileges are needed beyond console access.