CVE-2023-0456

Published: 24 Jan 2023
Source: redhat
CVSS3: 7.4
EPSS: Low

Description

A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | apicast | Affected | | |

Additional information

Status: Important
Defect: CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=2163586 APICast: APICast proxies the API call with incorrect JWT token to the API backend without proper authorization check

EPSS

Percentile: 43%
0.00205
Low

CVSS3: 7.4 High

Related vulnerabilities

CVSS3: 7.4
nvd
more than 2 years ago

A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.

CVSS3: 7.4
github
more than 2 years ago

A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.
