VYPR
Unrated severity · NVD Advisory · Published Dec 12, 2023 · Updated Aug 2, 2024

StackRox: Missing HTTP security headers allow for clickjacking in web UI

CVE-2023-4958

Description

In Red Hat Advanced Cluster Security (RHACS), it was found that some security-related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.
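The advisory does not name the missing headers. As an added example (not code from RHACS or from this advisory), the check below assumes the relevant anti-framing controls are the standard ones, X-Frame-Options and the Content-Security-Policy frame-ancestors directive, and reports whether a captured set of response headers actually restricts framing. The function names and sample header sets are hypothetical and constructed for illustration.

```python
# Added example. Pass in the response headers captured during a review;
# the sets in SAMPLES are constructed, not taken from an RHACS deployment.

BROAD_SOURCES = {"*", "http:", "https:"}  # source expressions matching any origin


def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]  # empty list behaves like 'none'
    return None


def framing_verdict(headers):
    """headers: iterable of (name, value) pairs. Returns (protected, reason)."""
    xfo_values, ancestor_lists = [], []
    for name, value in headers:
        name = name.strip().lower()
        if name == "x-frame-options":
            xfo_values += [v.strip().upper() for v in value.split(",")]
        elif name == "content-security-policy":  # Report-Only is not enforced
            for policy in value.split(","):
                sources = frame_ancestors(policy)
                if sources is not None:
                    ancestor_lists.append(sources)
    if ancestor_lists:
        # An enforced frame-ancestors directive takes precedence over X-Frame-Options.
        # Every policy must permit the embedder, so one restrictive list is enough.
        for sources in ancestor_lists:
            if not BROAD_SOURCES & set(sources):
                return True, "frame-ancestors " + (" ".join(sources) or "'none'")
        return False, "frame-ancestors permits any origin"
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo_values):
        return True, "X-Frame-Options restricts framing"
    if xfo_values:
        return False, "X-Frame-Options value not honoured: " + ", ".join(xfo_values)
    return False, "no anti-framing header present"


SAMPLES = {  # constructed response header sets
    "none": [("Content-Type", "text/html")],
    "xfo": [("x-frame-options", "sameorigin")],
    "allow_from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "report_only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "csp_wild": [("Content-Security-Policy", "default-src 'self'; frame-ancestors *"),
                 ("X-Frame-Options", "DENY")],
    "csp_self": [("Content-Security-Policy", "frame-ancestors 'self'")],
}
```

The "allow_from", "report_only" and "csp_wild" cases are responses that carry a framing-related header yet remain framable, which a simple presence check would miss.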

Affected products

  • cpe:/a:redhat:advanced_cluster_security:3
  • cpe:/a:redhat:advanced_cluster_security:4.2::el8 (range: 4.2.0-6)
  • (no CPE)
