Red Hat: RHSA-2023-5206-01 Moderate: RHACS 4.2 Clickjacking Threat

Red Hat
September 18, 2023
Blue Sky Enterprise Protection patches rolled out tackling minimal security concerns along with upgrades and improvements.
Updated images are now available for Red Hat Advanced Cluster Security (RHACS)

Solution

To take advantage of the new features, bug fixes, and enhancements in RHACS 4.2, you are advised to upgrade to RHACS 4.2.

Summary

The release of RHACS 4.2 provides these changes:
Security Fix(es):
* stackrox: Missing HTTP security headers allows for clickjacking in web UI (CVE-2023-4958)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
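A way to check a web UI's responses for the kind of anti-framing headers whose absence CVE-2023-4958 describes, as an added example that is not Red Hat or StackRox code. The advisory does not name the missing headers, so the code assumes the two standard controls, `X-Frame-Options` and the CSP `frame-ancestors` directive; the function names and sample header blocks are constructed for illustration.

```python
# Added example (not Red Hat / StackRox code): classify a response's anti-framing headers.
RANK = {"deny": 0, "same-origin": 1, "allow-list": 2, "unprotected": 3}

def parse_raw_headers(raw):
    """Raw header block -> list of (lowercased name, value) pairs."""
    pairs = []
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def frame_ancestors(pairs):
    """One source list per enforced CSP policy that sets frame-ancestors."""
    found = []
    for name, value in pairs:
        if name != "content-security-policy":  # the Report-Only variant enforces nothing
            continue
        for policy in value.split(","):        # a header may carry several policies
            for directive in policy.split(";"):
                tokens = directive.lower().split()
                if tokens and tokens[0] == "frame-ancestors":
                    found.append(tokens[1:])
                    break                      # first occurrence in a policy wins
    return found

def classify(sources):
    if not sources or sources == ["'none'"]:
        return "deny"
    if any(s in ("*", "http:", "https:") for s in sources):
        return "unprotected"
    return "same-origin" if sources == ["'self'"] else "allow-list"

def framing_verdict(pairs):
    """Return 'deny', 'same-origin', 'allow-list' or 'unprotected'."""
    policies = frame_ancestors(pairs)
    if policies:  # frame-ancestors overrides X-Frame-Options; strictest policy wins
        return min((classify(p) for p in policies), key=RANK.get)
    xfo = {v.strip().lower() for n, v in pairs if n == "x-frame-options"}
    if "deny" in xfo:
        return "deny"
    return "same-origin" if xfo == {"sameorigin"} else "unprotected"  # ALLOW-FROM is obsolete

# Constructed sample responses (not captured from any RHACS deployment).
BARE = "Content-Type: text/html\nCache-Control: no-store"
HARDENED = "Content-Type: text/html\nX-Frame-Options: DENY\nContent-Security-Policy: frame-ancestors 'self'"

for label, raw in (("bare", BARE), ("hardened", HARDENED)):
    print(label, framing_verdict(parse_raw_headers(raw)))
```

The hardened sample reports `same-origin` rather than `deny` because an enforced `frame-ancestors` directive takes precedence over `X-Frame-Options` when both are present.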
New Features
RHACS 4.2 includes the following new features, improvements, and updates:
Platform
* Bring your own PostgreSQL database for RHACS Central (Technology Preview)
* The CORE BPF collection method is now GA
* RHACS Product usage report
* Performance improvements for the Compliance dashboard

Vulnerability management
* Vulnerability scanning support for Registry Mirrors in OpenShift Container Platform
* Configure delegated image scanning in the RHACS portal
* Define new system policies using CVE age or fixability
* On-demand and downloadable CVE report in Vulnerability Management 2.0
* Scanner supports additional operating systems

Network Security
* Improvements to runtime network policy generation
* Build time Network Policy tools (Technology Preview)
* New Listening Endpoints menu in the RHACS portal
* Viewing network policy YAML files from a violation

For notable technical changes, deprecated and removed features, and bug fixes, see the Release Notes.

References

https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4958
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42

Package List


Advisory ID: RHSA-2023:5206-01
Product: Red Hat Advanced Cluster Security for Kubernetes
Issue date: 2023-09-18

Topic

Updated images are now available for Red Hat Advanced Cluster Security (RHACS). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

1990363 - CVE-2023-4958 stackrox: Missing HTTP security headers allows for clickjacking in web UI

JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

ROX-19688 - Release RHACS 4.2.0
