{"id":"CVE-2023-4958","details":"In Red Hat Advanced Cluster Security (RHACS), it was found that some security-related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.","modified":"2026-03-13T07:47:05.365646Z","published":"2023-12-12T10:15:10.853Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:5206"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-4958"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1990363"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/stackrox/stackrox","events":[{"introduced":"0"},{"last_affected":"63fce4eb4d89f3a88734d1950a128a02b0abcf74"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0"}]}}],"versions":["3.65.x","3.67.x","3.68.x","3.69.x","3.70.x","3.71.x","3.72.x","3.73.x","3.74.x","4.0.x"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4958.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}