Medium severity 5.7 · NVD Advisory · Published Aug 21, 2023 · Updated Jun 17, 2026
CVE-2023-4456
Description
A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
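The caching flaw described above, as an added example that is not code from LokiStack or from the advisory: a decision cache keyed on the token alone, next to one keyed on every input to the decision. The policy, the token, tenant and action names, and all class and function names are constructed for illustration.

```python
import hashlib
import time

# Constructed policy: (token, action, tenant) triples the backend would allow.
POLICY = {
    ("tok-reader", "read", "application"),
    ("tok-admin", "read", "application"),
    ("tok-admin", "write", "application"),
}

def backend_authorize(token, action, tenant):
    """Stand-in for the real (slow) authorization call that the cache fronts."""
    return (token, action, tenant) in POLICY

class AuthzCache:
    def __init__(self, key_fn, ttl=60.0, clock=time.monotonic):
        self.key_fn, self.ttl, self.clock = key_fn, ttl, clock
        self.entries = {}        # cache key -> (decision, expiry time)
        self.backend_calls = 0   # how often the real check actually ran

    def authorize(self, token, action, tenant):
        key = self.key_fn(token, action, tenant)
        hit = self.entries.get(key)
        if hit and hit[1] > self.clock():
            return hit[0]        # served from cache, backend not consulted
        self.backend_calls += 1
        decision = backend_authorize(token, action, tenant)
        self.entries[key] = (decision, self.clock() + self.ttl)
        return decision

def token_only_key(token, action, tenant):
    # Flawed: the key is just the token, so one cached decision answers
    # every later request made with that token until the entry expires.
    return token

def scoped_key(token, action, tenant):
    # Hardened: every input to the decision is part of the key. Fields are
    # length-prefixed so ("a", "bc") and ("ab", "c") cannot collide, and
    # hashed so raw tokens are not kept as dictionary keys.
    h = hashlib.sha256()
    for field in (token, action, tenant):
        data = field.encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

def replay(cache):
    """A read, then a write, both made with the same read-only token."""
    return [cache.authorize("tok-reader", a, "application") for a in ("read", "write")]
```

With `token_only_key` the write is answered from the cached read decision and the backend is consulted once; with `scoped_key` the write gets its own lookup and is denied.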
Affected products (4)
- Red Hat / RHOL-5.5-RHEL-8 · v5 · cpe:/a:redhat:logging:5.5::el8 · Range: v0.1.0-327
- Red Hat / RHOL-5.6-RHEL-8 · v5 · cpe:/a:redhat:logging:5.6::el8 · Range: v0.1.0-326
- Red Hat / RHOL-5.7-RHEL-8 · v5 · cpe:/a:redhat:logging:5.7::el8 · Range: v0.1.0-325
References (5)
- access.redhat.com/security/cve/CVE-2023-4456 (nvd; Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Vendor Advisory)
- access.redhat.com/errata/RHSA-2023:4933 (nvd)
- access.redhat.com/errata/RHSA-2023:5095 (nvd)
- access.redhat.com/errata/RHSA-2023:5096 (nvd)