VYPR
Medium severity5.7NVD Advisory· Published Aug 21, 2023· Updated Jun 17, 2026

CVE-2023-4456

CVE-2023-4456

Description

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Red Hat/RHOL-5.5-RHEL-8v5
    cpe:/a:redhat:logging:5.5::el8
    Range: v0.1.0-327
  • Red Hat/RHOL-5.6-RHEL-8v5
    cpe:/a:redhat:logging:5.6::el8
    Range: v0.1.0-326
  • Red Hat/RHOL-5.7-RHEL-8v5
    cpe:/a:redhat:logging:5.7::el8
    Range: v0.1.0-325

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.