In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:LRed Hat Advanced Cluster Security
APPRedhat3.04.0
Related vulnerabilities
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly s...
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is inclu...
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafte...
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, al...
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)