RHSA-2023:0786 - Security Advisory
Security Advisory: Important
Network observability 1.1.0 release for OpenShift
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Network observability is an OpenShift operator that provides a monitoring
pipeline to collect and enrich network flows that are produced by the
Network observability eBPF agent.
The operator provides dashboards and metrics, and keeps flows accessible in a
queryable log store, Grafana Loki. When a FlowCollector is deployed, new
dashboards are available in the Console.
- network-observability-console-plugin-container: setting Loki authToken configuration to DISABLE or HOST mode leads to authentication no longer being enforced (CVE-2023-0813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Apply this erratum by upgrading the Network observability operator from 1.0 to 1.1.
- Network Observability (NETOBSERV) 1 for RHEL 8 x86_64
- BZ - 2169468 - CVE-2023-0813 network-observability-console-plugin-container: setting Loki authToken configuration to DISABLE or HOST mode leads to authentication no longer being enforced