CVE-2023-4958 — MEDIUM (6.1)

Vulnerability Description

In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Redhat	Advanced Cluster Security	3.0

Related Weaknesses (CWE)

CWE-1021

References

https://access.redhat.com/errata/RHSA-2023:5206Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-4958Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1990363Issue TrackingPatch
https://access.redhat.com/errata/RHSA-2023:5206Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-4958Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1990363Issue TrackingPatch

FAQ

What is CVE-2023-4958?

CVE-2023-4958 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could expl...

How severe is CVE-2023-4958?

CVE-2023-4958 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-4958?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Advanced Cluster Security.