RHSA-2023:5175
Vulnerability from csaf_redhat
Published
2023-09-14 17:33
Modified
2024-11-23 00:01
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.10 security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.2.10
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)
* envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)
* envoy: HTTP/2 memory leak in nghttp2 codec (CVE-2023-35945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh 2.2.10\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)\n\n* envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)\n\n* envoy: HTTP/2 memory leak in nghttp2 codec (CVE-2023-35945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5175", url: "https://access.redhat.com/errata/RHSA-2023:5175", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2217977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217977", }, { category: "external", summary: "2217983", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217983", }, { category: "external", summary: "2217985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217985", }, { category: "external", summary: "OSSM-4799", url: "https://issues.redhat.com/browse/OSSM-4799", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5175.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.10 security update", tracking: { current_release_date: "2024-11-23T00:01:56+00:00", generator: { date: "2024-11-23T00:01:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:5175", initial_release_date: "2023-09-14T17:33:39+00:00", revision_history: [ { date: "2023-09-14T17:33:39+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-14T17:33:39+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T00:01:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.2 for RHEL 8", product: { name: "RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.2::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.2.10-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.2.10-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x", product_id: "openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.48.8-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.2.10-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.2.10-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x", product: { name: "openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x", product_id: "openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x", product_identification_helper: { purl: "pkg:oci/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8&tag=2.2.10-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.2.10-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.2.10-1", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.2.10-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.2.10-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.48.8-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.2.10-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.2.10-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64", product: { name: "openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64", product_id: "openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64", product_identification_helper: { purl: "pkg:oci/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8&tag=2.2.10-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.2.10-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.2.10-1", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.2.10-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.2.10-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.48.8-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.2.10-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.2.10-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le", product: { name: "openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le", product_id: "openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le", product_identification_helper: { purl: "pkg:oci/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8&tag=2.2.10-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.2.10-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.2.10-1", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x", }, product_reference: "openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64", }, product_reference: "openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le", }, product_reference: "openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, ], }, vulnerabilities: [ { cve: "CVE-2023-35941", cwe: { id: "CWE-303", name: "Incorrect Implementation of Authentication Algorithm", }, discovery_date: "2023-06-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2217977", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter's HMAC check.", title: "Vulnerability description", }, { category: "summary", text: "envoy: OAuth2 credentials exploit with permanent validity", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", ], known_not_affected: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35941", }, { category: "external", summary: "RHBZ#2217977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217977", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35941", url: "https://www.cve.org/CVERecord?id=CVE-2023-35941", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35941", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35941", }, ], release_date: "2023-07-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-14T17:33:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5175", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: OAuth2 credentials exploit with permanent validity", }, { cve: "CVE-2023-35944", cwe: { id: "CWE-178", name: "Improper Handling of Case Sensitivity", }, discovery_date: "2023-06-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2217985", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy that allows for mixed-case schemes in HTTP/2. However, some internal scheme checks in Envoy are case-sensitive, leading to incorrect handling of requests and responses with mixed case schemes. For example, if a request with a mixed scheme HTTP is sent to the OAuth2 filter, it will fail the exact-match checks for HTTP and inform the remote endpoint the scheme is HTTP, thus potentially bypassing OAuth2 checks specific to HTTP requests.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Incorrect handling of HTTP requests and responses with mixed case schemes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", ], known_not_affected: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35944", }, { category: "external", summary: "RHBZ#2217985", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217985", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35944", url: "https://www.cve.org/CVERecord?id=CVE-2023-35944", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35944", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35944", }, ], release_date: "2023-07-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-14T17:33:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5175", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: Incorrect handling of HTTP requests and responses with mixed case schemes", }, { acknowledgments: [ { names: [ "Yan Avlasov", ], organization: "Google", }, ], cve: "CVE-2023-35945", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-06-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2217983", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy, where a specifically crafted response from an untrusted upstream service can cause a denial of service through memory exhaustion. This issue is caused by Envoy’s HTTP/2 codec, which may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately, followed by the GOAWAY frames from an upstream server.", title: "Vulnerability description", }, { category: "summary", text: "envoy: HTTP/2 memory leak in nghttp2 codec", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", ], known_not_affected: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35945", }, { category: "external", summary: "RHBZ#2217983", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2217983", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35945", url: "https://www.cve.org/CVERecord?id=CVE-2023-35945", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35945", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35945", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r", }, ], release_date: "2023-07-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-14T17:33:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5175", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: HTTP/2 memory leak in nghttp2 codec", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.