Critical Flaw Found in Network Observability Plugin for Red Hat OpenShift Could Expose Sensitive Logs

CVE: CVE-2023-0813
CVSS v3.1: 8.6
Source: CVE-2023-0813

A high-severity vulnerability was discovered in the Network Observability plugin for Red Hat OpenShift that could allow unauthenticated access to network flow data (and the logs stored alongside it).

The Network Observability plugin adds network traffic and flow monitoring to the OpenShift console. Collected flow records are stored in Loki, an open source log aggregation system, and the console plugin queries Loki to display them. The flaw is a configuration weakness: the plugin's Loki 'authToken' setting controls whether each console user's token is forwarded with those queries, and unless it is set to FORWARD mode, authentication is not enforced on the queries the plugin makes to Loki.

As a result, any user who can connect to the OpenShift console can retrieve flow data from Loki without being authenticated for it. Because flow records describe which workloads talk to which endpoints, this data can reveal sensitive details about applications and network activity and should not be exposed.

An attacker with nothing more than access to the OpenShift console interface could use this to read flow data or observe internal network traffic without authorization.

The CVSS v3.1 base score for this issue is 8.6 out of 10, which places it in the High severity band.

Administrators are advised to set the Loki 'authToken' configuration in the FlowCollector resource to 'FORWARD' mode, so that the plugin forwards each console user's token to Loki and Loki enforces authentication on every query. Keeping the operator and plugin updated is also recommended.
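The following audit script is an added example, not code from Red Hat or the Network Observability project. It reads a FlowCollector resource in JSON form (as returned by `oc get flowcollector cluster -o json`), reports when `spec.loki.authToken` is anything other than FORWARD, and produces the corrected resource. The field path, the accepted values and the sample resource are assumptions based on the advisory text; verify them against the CRD shipped with your operator version.

```python
"""Audit FlowCollector resources for the Loki authToken setting described in CVE-2023-0813.

Added example, not code from Red Hat or the Network Observability project.
Assumptions: the setting lives at spec.loki.authToken and accepts DISABLED, HOST
or FORWARD; only FORWARD makes the console plugin pass each user's token to Loki.
"""
import json
from typing import Optional

SAFE_MODE = "FORWARD"
KNOWN_MODES = {"DISABLED", "HOST", "FORWARD"}  # assumed set of accepted values


def loki_auth_token(flowcollector: dict) -> Optional[str]:
    """Return spec.loki.authToken, or None when the field is absent."""
    return flowcollector.get("spec", {}).get("loki", {}).get("authToken")


def audit_flowcollector(flowcollector: dict) -> list:
    """Return a list of findings; an empty list means the resource is in FORWARD mode."""
    findings = []
    name = flowcollector.get("metadata", {}).get("name", "<unnamed>")
    mode = loki_auth_token(flowcollector)
    if mode is None:
        # The operator default is not relied on here: anything other than an
        # explicit FORWARD is treated as exposed.
        findings.append(
            f"{name}: spec.loki.authToken is not set; set it explicitly to {SAFE_MODE!r}"
        )
    elif mode not in KNOWN_MODES:
        findings.append(
            f"{name}: unrecognised authToken value {mode!r}; verify it against the operator's CRD"
        )
    elif mode != SAFE_MODE:
        findings.append(
            f"{name}: spec.loki.authToken is {mode!r}; set it to {SAFE_MODE!r} so the "
            "console plugin forwards each user's token to Loki"
        )
    return findings


def remediated(flowcollector: dict) -> dict:
    """Return a deep copy of the resource with spec.loki.authToken set to FORWARD."""
    fixed = json.loads(json.dumps(flowcollector))
    fixed.setdefault("spec", {}).setdefault("loki", {})["authToken"] = SAFE_MODE
    return fixed


# Constructed sample resource, trimmed to the fields this check uses; the
# apiVersion and Loki URL are illustrative, not taken from a real cluster.
WEAK_FLOWCOLLECTOR = {
    "apiVersion": "flows.netobserv.io/v1alpha1",
    "kind": "FlowCollector",
    "metadata": {"name": "cluster"},
    "spec": {
        "loki": {
            "url": "https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network/",
            "authToken": "HOST",  # weak: the plugin's own token is used, not the user's
        }
    },
}

if __name__ == "__main__":
    for finding in audit_flowcollector(WEAK_FLOWCOLLECTOR):
        print("FINDING:", finding)
    # The corrected spec.loki block, suitable for a merge patch against the resource.
    print(json.dumps({"spec": {"loki": remediated(WEAK_FLOWCOLLECTOR)["spec"]["loki"]}}, indent=2))
```

On a live cluster, pipe `oc get flowcollector cluster -o json` into `audit_flowcollector`, and apply the corrected block with `oc patch flowcollector cluster --type merge -p '{"spec":{"loki":{"authToken":"FORWARD"}}}'`. Re-run the audit afterwards: an empty findings list is the expected result.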

Users should contact their Red Hat representatives to obtain updates addressing this vulnerability as soon as possible to prevent unauthorized access to their logs and network monitoring data.
