rhsa-2023_4625
Vulnerability from csaf_redhat
Published
2023-08-11 16:47
Modified
2024-11-23 00:01
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.2 security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.4.2 Containers
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
Security Fix(es):
* envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)
* envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)
* envoy: CORS filter segfault when origin header is removed (CVE-2023-35943)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh 2.4.2 Containers\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)\n\n* envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)\n\n* envoy: CORS filter segfault when origin header is removed (CVE-2023-35943)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4625", url: "https://access.redhat.com/errata/RHSA-2023:4625", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2217977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217977", }, { category: "external", summary: "2217985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217985", }, { category: "external", summary: "2217987", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217987", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4625.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.2 security update", tracking: { current_release_date: "2024-11-23T00:01:40+00:00", generator: { date: "2024-11-23T00:01:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:4625", initial_release_date: "2023-08-11T16:47:49+00:00", revision_history: [ { date: "2023-08-11T16:47:49+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-11T16:47:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T00:01:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.4 for RHEL 8", product: { name: "RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.4::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.2-8", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.2-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.2-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.2-8", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.2-8", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.2-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.2-4", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.2-8", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.2-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.2-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.2-8", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.2-8", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.2-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.2-4", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.2-8", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.2-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.2-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.2-8", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.2-8", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.2-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.2-4", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.2-4", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, ], }, vulnerabilities: [ { cve: "CVE-2023-35941", cwe: { id: "CWE-303", name: "Incorrect Implementation of Authentication Algorithm", }, discovery_date: "2023-06-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2217977", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter's HMAC check.", title: "Vulnerability description", }, { category: "summary", text: "envoy: OAuth2 credentials exploit with permanent validity", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], known_not_affected: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35941", }, { category: "external", summary: "RHBZ#2217977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217977", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35941", url: "https://www.cve.org/CVERecord?id=CVE-2023-35941", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35941", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35941", }, ], release_date: "2023-07-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-11T16:47:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4625", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: OAuth2 credentials exploit with permanent validity", }, { cve: "CVE-2023-35943", discovery_date: "2023-06-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2217987", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy. Suppose an origin header is configured to be removed with request_headers_to_remove: origin. The CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeaders and encodeHeaders.", title: "Vulnerability description", }, { category: "summary", text: "envoy: CORS filter segfault when origin header is removed", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], known_not_affected: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35943", }, { category: "external", summary: "RHBZ#2217987", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217987", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35943", url: "https://www.cve.org/CVERecord?id=CVE-2023-35943", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35943", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35943", }, ], release_date: "2023-07-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-11T16:47:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4625", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: CORS filter segfault when origin header is removed", }, { cve: "CVE-2023-35944", cwe: { id: "CWE-178", name: "Improper Handling of Case Sensitivity", }, discovery_date: "2023-06-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2217985", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy that allows for mixed-case schemes in HTTP/2. However, some internal scheme checks in Envoy are case-sensitive, leading to incorrect handling of requests and responses with mixed case schemes. For example, if a request with a mixed scheme HTTP is sent to the OAuth2 filter, it will fail the exact-match checks for HTTP and inform the remote endpoint the scheme is HTTP, thus potentially bypassing OAuth2 checks specific to HTTP requests.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Incorrect handling of HTTP requests and responses with mixed case schemes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], known_not_affected: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35944", }, { category: "external", summary: "RHBZ#2217985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35944", url: "https://www.cve.org/CVERecord?id=CVE-2023-35944", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35944", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35944", }, ], release_date: "2023-07-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-11T16:47:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4625", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: Incorrect handling of HTTP requests and responses with mixed case schemes", }, { acknowledgments: [ { names: [ "Yan Avlasov", ], organization: "Google", }, ], cve: "CVE-2023-35945", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-06-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2217983", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy, where a specifically crafted response from an untrusted upstream service can cause a denial of service through memory exhaustion. This issue is caused by Envoy’s HTTP/2 codec, which may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately, followed by the GOAWAY frames from an upstream server.", title: "Vulnerability description", }, { category: "summary", text: "envoy: HTTP/2 memory leak in nghttp2 codec", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], known_not_affected: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35945", }, { category: "external", summary: "RHBZ#2217983", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217983", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35945", url: "https://www.cve.org/CVERecord?id=CVE-2023-35945", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35945", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35945", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r", }, ], release_date: "2023-07-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-11T16:47:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4625", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: HTTP/2 memory leak in nghttp2 codec", }, ], }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.