QwikSec

Security Database

CVE

CWE

Training

CVE-2023-4456

Published: Aug 21, 2023

Modified: Nov 20, 2025

PUBLISHED

CVSS v3.1

5.7

MEDIUM

Description

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

Vendor	Product	Versions
Red Hat	RHOL-5.5-RHEL-8	unaffected `v0.1.0-327 - < *`
Red Hat	RHOL-5.6-RHEL-8	unaffected `v0.1.0-326 - < *`
Red Hat	RHOL-5.7-RHEL-8	unaffected `v0.1.0-325 - < *`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

References

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2023-4456

vdb-entry

x_refsource_REDHAT

issue-tracking

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.