MEDIUM🇵🇱 Wersja polska

CVE-2023-4958

CVSS 6.1v3.1pub. 2023-12-12upd. 2024-11-21

In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
  • Red Hat Advanced Cluster Security

    APP
    Redhat
    3.04.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-1902HIGH8.8ten sam produkt

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly s...

CVE-2025-5198MEDIUM5.0ten sam produkt

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is inclu...

CVE-2024-0406MEDIUM6.1ten sam produkt

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafte...

CVE-2023-48795MEDIUM5.9ten sam produkt

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, al...

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)