Unrated severity · NVD Advisory · Published Sep 27, 2023 · Updated Sep 24, 2024
APICast proxies the API call with an incorrect JWT token to the API backend without a proper authorization check
CVE-2023-0456
Description
A flaw was found in APICast, where 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.
Affected products
- cpe:/a:redhat:red_hat_3scale_amp:2
References
- access.redhat.com/security/cve/CVE-2023-0456 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)