CVE-2023-4958: Stackrox: missing http security headers allows for clickjacking in web ui
First published: Thu Aug 05 2021(Updated: )
In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Advanced Cluster Security | =3.0 | |
| Redhat Advanced Cluster Security Kubernates | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-4958
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/event
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/redhat
- canonical/redhat advanced cluster security
- version/redhat advanced cluster security/3.0
- canonical/redhat advanced cluster security kubernates
- version/redhat advanced cluster security kubernates/4.0