CVE-2023-4910

A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-4910	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2238498	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*

History

13 Dec 2023, 08:15

Type	Values Removed	Values Added
CWE	~~CWE-525~~

14 Nov 2023, 17:53

Type	Values Removed	Values Added
CPE		cpe:2.3:a:redhat:3scale_api_management:2.0:::::::*
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2023-4910 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2023-4910 - Vendor Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2238498 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2238498 - Issue Tracking
First Time		Redhat Redhat 3scale Api Management
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-668

06 Nov 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-06 13:15

Updated : 2023-12-13 08:15

NVD link : CVE-2023-4910

Mitre link : CVE-2023-4910

CVE.ORG link : CVE-2023-4910

JSON object : View

Products Affected

redhat

3scale_api_management

CWE

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2023-4910", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-11-06T13:15:10.033", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-4910", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238498", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en 3Scale Admin Portal. Si un usuario cierra sesi\u00f3n en la p\u00e1gina de tokens personales y luego presiona el bot\u00f3n atr\u00e1s en el navegador, la p\u00e1gina de tokens se representa desde la memoria cach\u00e9 del navegador."}], "lastModified": "2023-12-13T08:15:51.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5434CC8-66E0-4378-AAB3-B2FECDDE61BB"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}