CVE-2023-4910

CWE-668 — Exposure to Wrong Sphere CWE-5254 documents4 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 86.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat 3scale API Management

Timeline

PublishedNov 6

Description

A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDredhat/3scale_api_management2.0

🔴Vulnerability Details

CVEList

3scale-admin-portal: logged out users tokens can be accessed↗2023-11-06

▶

GHSA

GHSA-g849-x577-8j36: A flaw was found In 3Scale Admin Portal↗2023-11-06

▶

📋Vendor Advisories

Red Hat

3scale-admin-portal: logged out users tokens can be accessed↗2023-09-12

▶