In Red Hat Advanced Cluster Security (RHACS), it was found that some security-related HTTP headers were missing, allowing a malicious user to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.
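
A defender-side check for this class of issue, as an added example that is not part of the advisory or of RHACS code: it grades the anti-framing headers of a captured HTTP response. The advisory does not name the missing headers, so `X-Frame-Options` and the CSP `frame-ancestors` directive are assumed here as the standard framing controls; the function names are hypothetical.

```python
# Added example (not from the advisory): grade the anti-framing headers of a response.
# Assumption: the advisory does not name the missing headers; X-Frame-Options and
# the CSP frame-ancestors directive are the standard browser-side framing controls.

def frame_ancestors(policy):
    """Source list of the frame-ancestors directive in one CSP policy, else None."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None  # frame-ancestors has no fallback to default-src


def permissive(sources):
    """True if the list admits arbitrary origins: '*' or a bare scheme such as https:"""
    return any(s == "*" or s.endswith(":") for s in sources)


def framing_verdict(headers):
    """headers: (name, value) pairs as received. Returns (verdict, reason)."""
    enforced, xfo, report_only = [], set(), False
    for name, value in headers:
        name = name.lower()
        if name == "content-security-policy":
            for policy in value.split(","):  # one header can carry several policies
                sources = frame_ancestors(policy)
                if sources is not None:
                    enforced.append(sources)
        elif name == "content-security-policy-report-only":
            report_only = report_only or frame_ancestors(value) is not None
        elif name == "x-frame-options":
            xfo.update(v.strip().lower() for v in value.split(","))
    if enforced:
        # An enforced frame-ancestors makes browsers skip X-Frame-Options entirely.
        # Every policy must allow the embedder, so one strict policy is enough.
        if any(not permissive(s) for s in enforced):
            return "restricted", "frame-ancestors limits embedding"
        return "weak", "frame-ancestors admits any origin; X-Frame-Options is ignored"
    if xfo & {"deny", "sameorigin"}:
        return "restricted", "X-Frame-Options is DENY or SAMEORIGIN"
    if xfo:  # e.g. ALLOW-FROM, which current browsers do not honour
        return "weak", "X-Frame-Options value is not enforced"
    if report_only:
        return "weak", "frame-ancestors appears only in a Report-Only policy"
    return "missing", "no anti-framing header present"
```

Feed it the header pairs from a response captured against your own deployment; a `missing` or `weak` verdict on an authenticated UI endpoint is the condition the advisory describes.
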
Vulnerable Product |
---|
redhat advanced cluster security 3.0 |
redhat advanced cluster security 4.0 |