
Red Hat: RHSA-2023-0786-01 Important: Network Observability Security Fix

Red Hat, February 15, 2023
Unveil the key revisions in Red Hat's Network Observability 1.1.0, which tackles various security vulnerabilities and introduces significant improvements.
Network observability 1.1.0 release for OpenShift. Red Hat Product Security has rated this update as having a security impact of Important.

Solution

Apply this errata by upgrading Network observability operator 1.0 to 1.1

Summary

Network observability is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent.
The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.
Security Fix(es):
* network-observability-console-plugin-container: setting Loki authToken configuration to DISABLE or HOST mode leads to authentication no longer being enforced (CVE-2023-0813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-3602
https://access.redhat.com/security/cve/CVE-2022-3715
https://access.redhat.com/security/cve/CVE-2022-3786
https://access.redhat.com/security/cve/CVE-2022-3821
https://access.redhat.com/security/cve/CVE-2022-33099
https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2023-0813
https://access.redhat.com/security/updates/classification/#important

Package List


Severity
Important

Advisory ID: RHSA-2023:0786-01
Product: NETOBSERV
Issue date: 2023-02-15

Topic

Network observability 1.1.0 release for OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2169468 - CVE-2023-0813 network-observability-console-plugin-container: setting Loki authToken configuration to DISABLE or HOST mode leads to authentication no longer being enforced
