Back to bug 1990363
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sam Fowler | 2021-08-09 04:42:50 UTC | CC | security-response-team | |
| | | CC | bmontgom, eparis, jburrell, jokerman, nstielau, sponnaga | |
| Sam Fowler | 2022-06-02 08:31:19 UTC | CC | sfowler | |
| Sam Fowler | 2022-06-02 22:39:34 UTC | Summary | EMBARGOED RHACS 3.63.0 Central: Clickjacking | EMBARGOED stackrox: Missing HTTP security headers allows for clickjacking in web UI |
| Sam Fowler | 2022-06-02 22:40:37 UTC | Summary | EMBARGOED stackrox: Missing HTTP security headers allows for clickjacking in web UI | stackrox: Missing HTTP security headers allows for clickjacking in web UI |
| | | CC | jburrell | |
| | | Group | security, qe_staff | |
| Sam Fowler | 2022-06-02 22:47:49 UTC | Doc Text | | In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit a attacker-controlled webpage, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions. |
| Sam Fowler | 2022-06-02 22:48:07 UTC | Doc Text | In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit a attacker-controlled webpage, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions. | In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled webpage, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions. |
| Sam Fowler | 2022-06-02 22:48:23 UTC | Doc Text | In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled webpage, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions. | In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions. |
| Sam Fowler | 2022-06-02 22:50:22 UTC | Comment | 0 | updated |
| Red Hat Bugzilla | 2023-07-07 08:29:48 UTC | Assignee | security-response-team | nobody |
| | | CC | security-response-team | |