Advanced Cluster Security
CVE-2023-4958
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.
AnalysisAI
In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-1021. In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions. Affected products include: Redhat Advanced Cluster Security.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Advanced Cluster Security
View allThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Rated high severity (CVSS 8.8), this vulnerabi
A flaw was discovered in the mholt/archiver package. Rated high severity (CVSS 7.8), this vulnerability is no authentica
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a s
Share
External POC / Exploit Code
Leaving vuln.today