CVE-2023-4958

Summary

In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Advanced Cluster Security 4.24.2.0-6 < *unaffected

Weaknesses

  • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

ADP Enrichment

CVE Program Container

Additional References

References