Lucene search

RedhatCVELIST:CVE-2023-4910

HistoryNov 06, 2023 - 12:49 p.m.

CVE-2023-4910 3scale-admin-portal: logged out users tokens can be accessed

2023-11-0612:49:37

CWE-668

redhat

www.cve.org

cve-2023-4910 3scale-admin-portal tokens browser-cache

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.0%

JSON

A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat 3scale API Management Platform 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "3scale-admin-portal",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:red_hat_3scale_amp:2"
    ]
  }
]

References

access.redhat.com/security/cve/CVE-2023-4910

bugzilla.redhat.com/show_bug.cgi?id=2238498

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-4910