cve-2022-23635
Vulnerability from cvelistv5
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84 | Patch, Third Party Advisory
security-advisories@github.com | https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f | Issue Tracking, Third Party Advisory
security-advisories@github.com | https://istio.io/latest/news/security/istio-security-2022-003 | Third Party Advisory
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:45.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://istio.io/latest/news/security/istio-security-2022-003" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "istio", "vendor": "istio", "versions": [ { "status": "affected", "version": "\u003e= 1.13.0, \u003c 1.13.1" }, { "status": "affected", "version": "\u003e= 1.12.0, \u003c 1.12.4" }, { "status": "affected", "version": "\u003c 1.11.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-22T22:00:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84" }, { "tags": [ "x_refsource_MISC" ], "url": "https://istio.io/latest/news/security/istio-security-2022-003" } ], "source": { "advisory": "GHSA-856q-xv3c-7f2f", "discovery": "UNKNOWN" }, "title": "Unauthenticated control plane denial of service attack in Istio", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23635", "STATE": "PUBLIC", "TITLE": "Unauthenticated control plane denial of service attack in Istio" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "istio", "version": { "version_data": [ { "version_value": "\u003e= 1.13.0, \u003c 1.13.1" }, { "version_value": "\u003e= 1.12.0, \u003c 1.12.4" }, { "version_value": "\u003c 1.11.7" } ] } } ] }, "vendor_name": "istio" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Istio is an open platform to connect, manage, and secure microservices. 
In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f", "refsource": "CONFIRM", "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f" }, { "name": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84", "refsource": "MISC", "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84" }, { "name": "https://istio.io/latest/news/security/istio-security-2022-003", "refsource": "MISC", "url": "https://istio.io/latest/news/security/istio-security-2022-003" } ] }, "source": { "advisory": "GHSA-856q-xv3c-7f2f", "discovery": "UNKNOWN" } } } }, 
"cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23635", "datePublished": "2022-02-22T22:00:13", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:45.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-23635\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-02-22T22:15:07.620\",\"lastModified\":\"2023-07-13T16:32:55.903\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\"}],
\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},
\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1284\"}]},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.7\",\"matchCriteriaId\":\"5F628089-4585-4D6E-9524-F8058D3CAA72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.12.0\",\"versionEndExcluding\":\"1.12.4\",\"matchCriteriaId\":\"B682D44E-A685-43A4-80DE-BE04BA1D13AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13.0\",\"versionEndExcluding\":\"1.13.1\",\"matchCriteriaId\":\"9D493CB7-63C8-4B0A-A2F4-5697943803B0\"}]}]}],\"references\":[{\"url\":\"https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://istio.io/latest/news/security/istio-security-2022-003\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
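The affected ranges in the record above are expressed as NVD cpeMatch bounds: versionStartIncluding is inclusive, versionEndExcluding is exclusive, and the exclusive upper bound of each range (1.11.7, 1.12.4, 1.13.1) is the first fixed release of that minor line. The Go program below is an added example, not code from Istio, GitHub, NVD or any other source on this page. It transcribes those three ranges, parses an istiod version string in the form `istioctl version` prints it, and reports whether the version is inside a vulnerable range and which release to upgrade to. One assumption beyond the record is the semver rule that a pre-release build such as 1.13.1-rc.0 sorts below 1.13.1 and is therefore still affected. The version strings in `main` are constructed samples.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// versionRange mirrors the two cpeMatch fields the NVD configuration uses
// for this record: an optional inclusive lower bound and an exclusive
// upper bound. The upper bound is also the first fixed version.
type versionRange struct {
	startIncluding string // "" means the range is open at the bottom
	endExcluding   string
}

// affectedRanges is transcribed from the cpe:2.3:a:istio:istio entries of
// the CVE-2022-23635 record.
var affectedRanges = []versionRange{
	{startIncluding: "", endExcluding: "1.11.7"},
	{startIncluding: "1.12.0", endExcluding: "1.12.4"},
	{startIncluding: "1.13.0", endExcluding: "1.13.1"},
}

// version is MAJOR.MINOR.PATCH plus a flag for a pre-release suffix
// ("-rc.0", "-beta.1"). Assumption: pre-releases sort below the release
// they precede, as in semver, so 1.13.1-rc.0 is still inside "< 1.13.1".
type version struct {
	nums [3]int
	pre  bool
}

// parseVersion accepts "1.12.3" or "v1.13.1-rc.0"; build metadata after
// "+" is ignored. Anything that is not three numeric components is an error.
func parseVersion(s string) (version, error) {
	var v version
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.Index(s, "+"); i >= 0 {
		s = s[:i]
	}
	if i := strings.Index(s, "-"); i >= 0 {
		v.pre = true
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return v, fmt.Errorf("version %q is not MAJOR.MINOR.PATCH", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return v, fmt.Errorf("version %q: bad component %q", s, p)
		}
		v.nums[i] = n
	}
	return v, nil
}

// compare orders two versions: numeric components first, then a
// pre-release of X.Y.Z below the X.Y.Z release. Returns -1, 0 or 1.
func compare(a, b version) int {
	for i := 0; i < 3; i++ {
		if a.nums[i] < b.nums[i] {
			return -1
		}
		if a.nums[i] > b.nums[i] {
			return 1
		}
	}
	switch {
	case a.pre && !b.pre:
		return -1
	case !a.pre && b.pre:
		return 1
	}
	return 0
}

// inRange applies NVD semantics: start inclusive, end exclusive.
func inRange(v version, r versionRange) (bool, error) {
	end, err := parseVersion(r.endExcluding)
	if err != nil {
		return false, err
	}
	if compare(v, end) >= 0 {
		return false, nil
	}
	if r.startIncluding == "" {
		return true, nil
	}
	start, err := parseVersion(r.startIncluding)
	if err != nil {
		return false, err
	}
	return compare(v, start) >= 0, nil
}

// IsAffected reports whether an istiod version is inside any affected range
// and, if so, the fixed release of that minor line to upgrade to.
func IsAffected(s string) (affected bool, fixedVersion string, err error) {
	v, err := parseVersion(s)
	if err != nil {
		return false, "", err
	}
	for _, r := range affectedRanges {
		hit, err := inRange(v, r)
		if err != nil {
			return false, "", err
		}
		if hit {
			return true, r.endExcluding, nil
		}
	}
	return false, "", nil
}

func main() {
	// Constructed sample inputs; none were read from a real cluster.
	for _, s := range []string{"1.10.2", "1.11.6", "1.11.7", "1.12.3", "1.13.0", "v1.13.1-rc.0", "1.13.1"} {
		affected, fix, err := IsAffected(s)
		switch {
		case err != nil:
			fmt.Printf("%-14s error: %v\n", s, err)
		case affected:
			fmt.Printf("%-14s affected by CVE-2022-23635, upgrade to %s\n", s, fix)
		default:
			fmt.Printf("%-14s not affected\n", s)
		}
	}
}
```

The CPE criteria describe upstream istio releases only. For a vendor build, such as the Red Hat OpenShift Service Mesh versions that the CERT-Bund advisory on this page lists separately, use the distributor's own fixed-version ranges rather than this table. The records also agree that an upgrade is the only real fix; restricting which clients can reach port 15012 narrows exposure but does not remove the unauthenticated crash.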
gsd-2022-23635
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-23635", "description": "Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\n", "id": "GSD-2022-23635", "references": [ "https://access.redhat.com/errata/RHSA-2022:1275", "https://access.redhat.com/errata/RHSA-2022:1276" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-23635" ], "details": "Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. 
There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.", "id": "GSD-2022-23635", "modified": "2023-12-13T01:19:35.259102Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23635", "STATE": "PUBLIC", "TITLE": "Unauthenticated control plane denial of service attack in Istio" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "istio", "version": { "version_data": [ { "version_value": "\u003e= 1.13.0, \u003c 1.13.1" }, { "version_value": "\u003e= 1.12.0, \u003c 1.12.4" }, { "version_value": "\u003c 1.11.7" } ] } } ] }, "vendor_name": "istio" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f", "refsource": "CONFIRM", "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f" }, { "name": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84", "refsource": "MISC", "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84" }, { "name": "https://istio.io/latest/news/security/istio-security-2022-003", "refsource": "MISC", "url": "https://istio.io/latest/news/security/istio-security-2022-003" } ] }, "source": { "advisory": "GHSA-856q-xv3c-7f2f", "discovery": "UNKNOWN" } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c1.11.7||\u003e=1.12.0 \u003c1.12.4||\u003e=1.13.0 \u003c1.13.1", "affected_versions": "All versions before 1.11.7, all versions starting from 1.12.0 before 1.12.4, all versions starting from 1.13.0 before 1.13.1", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-1284", "CWE-937" ], "date": "2023-07-13", "description": "Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. 
This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.", "fixed_versions": [ "1.11.7", "1.12.4", "1.13.1" ], "identifier": "CVE-2022-23635", "identifiers": [ "CVE-2022-23635", "GHSA-856q-xv3c-7f2f" ], "not_impacted": "", "package_slug": "go/github.com/istio/istio", "pubdate": "2022-02-22", "solution": "Upgrade to versions 1.11.7, 1.12.4, 1.13.1 or above.", "title": "Improper Authentication", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-23635", "https://istio.io/latest/news/security/istio-security-2022-003", "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84", "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f" ], "uuid": "16bcef5b-c41f-49d2-88eb-750f959389d6" }, { "affected_range": "=1.13.0||\u003e=1.12.0 \u003c1.12.4||\u003c1.11.7", "affected_versions": "Version 1.13.0, all versions starting from 1.12.0 before 1.12.4, all versions before 1.11.7", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-287", "CWE-937" ], "date": "2022-04-20", "description": "Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. 
This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.", "fixed_versions": [ "1.13.1", "1.11.7", "1.11.7" ], "identifier": "CVE-2022-23635", "identifiers": [ "GHSA-856q-xv3c-7f2f", "CVE-2022-23635" ], "not_impacted": "All versions before 1.13.0, all versions after 1.13.0, all versions before 1.12.0, all versions starting from 1.11.7 before 1.12.4", "package_slug": "go/istio.io/istio", "pubdate": "2022-02-23", "solution": "Upgrade to versions 1.13.1, 1.11.7, 1.11.7 or above.", "title": "Improper Authentication", "urls": [ "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f", "https://nvd.nist.gov/vuln/detail/CVE-2022-23635", "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84", "https://istio.io/latest/news/security/istio-security-2022-003", "https://github.com/advisories/GHSA-856q-xv3c-7f2f" ], "uuid": "3d44d13e-81f7-46cd-8051-e8ea0a4391b9" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.13.1", "versionStartIncluding": "1.13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.12.4", "versionStartIncluding": "1.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.11.7", "vulnerable": true } ], 
"operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23635" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-1284" } ] } ] }, "references": { "reference_data": [ { "name": "https://istio.io/latest/news/security/istio-security-2022-003", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://istio.io/latest/news/security/istio-security-2022-003" }, { "name": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84" }, { "name": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-07-13T16:32Z", "publishedDate": "2022-02-22T22:15Z" } } }
wid-sec-w-2022-0970
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "high" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "As the provider of the content it makes available for use, the BSI is responsible for that content under the general laws. Users, however, are responsible for carefully checking, in each individual case, the use and/or implementation of the information supplied with the content." }, { "category": "description", "text": "Red Hat OpenShift is a \"Platform as a Service\" (PaaS) solution for deploying applications in the cloud.", "title": "Product description" }, { "category": "summary", "text": "A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Red Hat OpenShift to cause a denial-of-service condition and bypass security measures.", "title": "Attack" }, { "category": "general", "text": "- Other", "title": "Affected operating systems" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0970 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0970.json" }, { "category": "self", "summary": "WID-SEC-2022-0970 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0970" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:4668 of 2022-05-19", "url": "https://access.redhat.com/errata/RHSA-2022:4668" }, { "category": "external", "summary": "Red Hat Security Advisory of 2022-04-07", "url": "https://access.redhat.com/errata/RHSA-2022:1275" }, { "category": "external", "summary": "Red Hat Security Advisory of 2022-04-07", "url": "https://access.redhat.com/errata/RHSA-2022:1276" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1679 of 2022-05-10", "url": "https://access.redhat.com/errata/RHSA-2022:1679" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-9362 of 2022-05-09", "url": "https://linux.oracle.com/errata/ELSA-2022-9362.html" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202208-02 of 2022-08-09", "url": "https://security.gentoo.org/glsa/202208-02" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-7129 of 2022-10-26", "url": "https://linux.oracle.com/errata/ELSA-2022-7129.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7129 of 2022-10-25", "url": "https://access.redhat.com/errata/RHSA-2022:7129" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7457 of 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7457" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7954 of 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:7954" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2023-2303 of 2023-10-20", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2303.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2944 of 2024-05-21", "url": "https://access.redhat.com/errata/RHSA-2024:2944" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Multiple vulnerabilities", 
"tracking": { "current_release_date": "2024-05-21T22:00:00.000+00:00", "generator": { "date": "2024-05-22T08:37:47.134+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0970", "initial_release_date": "2022-04-07T22:00:00.000+00:00", "revision_history": [ { "date": "2022-04-07T22:00:00.000+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-10T22:00:00.000+00:00", "number": "2", "summary": "New updates from Red Hat added" }, { "date": "2022-05-18T22:00:00.000+00:00", "number": "3", "summary": "New updates from Red Hat added" }, { "date": "2022-08-09T22:00:00.000+00:00", "number": "4", "summary": "New updates from Gentoo added" }, { "date": "2022-10-25T22:00:00.000+00:00", "number": "5", "summary": "New updates from Oracle Linux and Red Hat added" }, { "date": "2022-11-08T23:00:00.000+00:00", "number": "6", "summary": "New updates from Red Hat added" }, { "date": "2022-11-15T23:00:00.000+00:00", "number": "7", "summary": "New updates from Red Hat added" }, { "date": "2023-10-19T22:00:00.000+00:00", "number": "8", "summary": "New updates from Amazon added" }, { "date": "2024-05-21T22:00:00.000+00:00", "number": "9", "summary": "New updates from Red Hat added" } ], "status": "final", "version": "9" } }, 
"product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version", "name": "Container Platform 4", "product": { "name": "Red Hat OpenShift Container Platform 4", "product_id": "T022509", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform_4" } } }, { "category": "product_version_range", "name": "Service Mesh \u003c2.1.2", "product": { "name": "Red Hat OpenShift Service Mesh \u003c2.1.2", "product_id": "T022580", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:service_mesh__2.1.2" } } }, { "category": "product_version_range", "name": "Service Mesh \u003c2.0.9", "product": { "name": "Red Hat OpenShift Service Mesh \u003c2.0.9", "product_id": "T022581", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:service_mesh__2.0.9" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, 
"vulnerabilities": [ { "cve": "CVE-2020-28851", "notes": [ { "category": "description", "text": "Multiple vulnerabilities exist in Red Hat OpenShift. The flaws are in the components envoy, golang, github.com/gogo/protobuf, Node.js Axios and github.com/ulikunitz/xz. A remote, anonymous or authenticated attacker can exploit these vulnerabilities to cause a denial-of-service condition and bypass security measures." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2020-28851" }, 
{ "cve": "CVE-2020-28852", "notes": [ { "category": "description", "text": "Multiple vulnerabilities exist in Red Hat OpenShift. The flaws are in the components envoy, golang, github.com/gogo/protobuf, Node.js Axios and github.com/ulikunitz/xz. A remote, anonymous or authenticated attacker can exploit these vulnerabilities to cause a denial-of-service condition and bypass security measures." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2020-28852" }, 
{ "cve": "CVE-2021-29482", "notes": [ { "category": "description", "text": "Multiple vulnerabilities exist in Red Hat OpenShift. The flaws are in the components envoy, golang, github.com/gogo/protobuf, Node.js Axios and github.com/ulikunitz/xz. A remote, anonymous or authenticated attacker can exploit these vulnerabilities to cause a denial-of-service condition and bypass security measures." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2021-29482" }, 
{ "cve": "CVE-2021-29923", "notes": [ { "category": "description", "text": "Multiple vulnerabilities exist in Red Hat OpenShift. The flaws are in the components envoy, golang, github.com/gogo/protobuf, Node.js Axios and github.com/ulikunitz/xz. A remote, anonymous or authenticated attacker can exploit these vulnerabilities to cause a denial-of-service condition and bypass security measures." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2021-29923" }, 
{ "cve": "CVE-2021-3121", "notes": [ { "category": "description", "text": "Multiple vulnerabilities exist in Red Hat OpenShift. The flaws are in the components envoy, golang, github.com/gogo/protobuf, Node.js Axios and github.com/ulikunitz/xz. A remote, anonymous or authenticated attacker can exploit these vulnerabilities to cause a denial-of-service condition and bypass security measures." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2021-3121" }, 
{ "cve": "CVE-2021-36221", "notes": [ { "category": "description", "text": "Multiple vulnerabilities exist in Red Hat OpenShift. The flaws are in the components envoy, golang, github.com/gogo/protobuf, Node.js Axios and github.com/ulikunitz/xz. A remote, anonymous or authenticated attacker can exploit these vulnerabilities to cause a denial-of-service condition and bypass security measures." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2021-36221" }, 
{ "cve": "CVE-2021-3749", "notes": [ { "category": "description", "text": "Multiple vulnerabilities exist in Red Hat OpenShift. The flaws are in the components envoy, golang, github.com/gogo/protobuf, Node.js Axios and github.com/ulikunitz/xz. A remote, anonymous or authenticated attacker can exploit these vulnerabilities to cause a denial-of-service condition and bypass security measures." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2021-3749" }, 
{ "cve": "CVE-2021-43565", "notes": [ { "category": "description", "text": "Multiple vulnerabilities exist in Red Hat OpenShift. The flaws are in the components envoy, golang, github.com/gogo/protobuf, Node.js Axios and github.com/ulikunitz/xz. A remote, anonymous or authenticated attacker can exploit these vulnerabilities to cause a denial-of-service condition and bypass security measures." 
} ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2021-43565" }, { "cve": "CVE-2021-43824", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2021-43824" }, { "cve": "CVE-2021-43825", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2021-43825" }, { "cve": "CVE-2021-43826", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen." 
} ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2021-43826" }, { "cve": "CVE-2022-21654", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2022-21654" }, { "cve": "CVE-2022-21655", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2022-21655" }, { "cve": "CVE-2022-23606", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen." 
} ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2022-23606" }, { "cve": "CVE-2022-23635", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2022-23635" }, { "cve": "CVE-2022-24726", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "67646", "398363", "T012167", "T004914", "T022509" ] }, "release_date": "2022-04-07T22:00:00Z", "title": "CVE-2022-24726" } ] }
rhsa-2022_1275
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Service Mesh 2.1.2\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service\nmesh project, tailored for installation into an on-premise OpenShift Container\nPlatform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)\n\n* envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)\n\n* istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)\n\n* envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)\n\n* envoy: Use-after-free when response filters increase response data (CVE-2021-43825)\n\n* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)\n\n* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)\n\n* istio: unauthenticated control plane denial of service attack (CVE-2022-23635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1275", "url": "https://access.redhat.com/errata/RHSA-2022:1275" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2050744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744" }, { "category": "external", "summary": "2050746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746" }, { "category": "external", "summary": "2050748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748" }, { "category": "external", "summary": "2050753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753" }, { "category": "external", "summary": "2050757", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757" }, { "category": "external", "summary": "2050758", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758" }, { "category": "external", "summary": "2057277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277" }, { "category": "external", "summary": "2061638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638" }, { "category": "external", "summary": 
"OSSM-1074", "url": "https://issues.redhat.com/browse/OSSM-1074" }, { "category": "external", "summary": "OSSM-1234", "url": "https://issues.redhat.com/browse/OSSM-1234" }, { "category": "external", "summary": "OSSM-303", "url": "https://issues.redhat.com/browse/OSSM-303" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1275.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.2 security update", "tracking": { "current_release_date": "2024-11-22T18:32:31+00:00", "generator": { "date": "2024-11-22T18:32:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:1275", "initial_release_date": "2022-04-07T18:06:45+00:00", "revision_history": [ { "date": "2022-04-07T18:06:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-04-07T18:06:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T18:32:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Service Mesh 2.1", "product": { "name": "OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_mesh:2.1::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Service Mesh" }, { "branches": [ { "category": "product_version", "name": "servicemesh-operator-0:2.1.2-4.el8.src", "product": { "name": "servicemesh-operator-0:2.1.2-4.el8.src", "product_id": "servicemesh-operator-0:2.1.2-4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-0:2.1.2-4.el8.src", "product": { "name": "servicemesh-0:2.1.2-4.el8.src", "product_id": "servicemesh-0:2.1.2-4.el8.src", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-ratelimit-0:2.1.2-4.el8.src", "product": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.src", "product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.23.0-5.el8.src", "product": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.src", "product_id": "servicemesh-prometheus-0:2.23.0-5.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-proxy-0:2.1.2-4.el8.src", "product": { "name": "servicemesh-proxy-0:2.1.2-4.el8.src", "product_id": "servicemesh-proxy-0:2.1.2-4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "servicemesh-operator-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-operator-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-operator-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-cni-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-cni-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-cni-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/servicemesh-cni@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "product": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "product_id": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-proxy-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-proxy-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-proxy-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.2-4.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "servicemesh-operator-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-operator-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-operator-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-cni-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-cni-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-cni-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-cni@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "product_id": 
"servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "product": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "product_id": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.2-4.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": 
"servicemesh-operator-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-operator-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-operator-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-cni-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-cni-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-cni-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-cni@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.23.0-5.el8.s390x", "product": { "name": 
"servicemesh-prometheus-0:2.23.0-5.el8.s390x", "product_id": "servicemesh-prometheus-0:2.23.0-5.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-proxy-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-proxy-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-proxy-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.2-4.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "product": { "name": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "product_id": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-wasm@2.1.2-4.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le" }, "product_reference": 
"servicemesh-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.1.2-4.el8.src as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src" }, "product_reference": "servicemesh-0:2.1.2-4.el8.src", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-cni-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-cni-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-cni-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-cni-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-cni-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64" }, "product_reference": 
"servicemesh-cni-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-operator-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-operator-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.1.2-4.el8.src as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src" }, "product_reference": "servicemesh-operator-0:2.1.2-4.el8.src", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-operator-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x as a component of 
OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le" }, "product_reference": 
"servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x" }, "product_reference": "servicemesh-prometheus-0:2.23.0-5.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.src as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src" }, "product_reference": "servicemesh-prometheus-0:2.23.0-5.el8.src", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64" }, "product_reference": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-proxy-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.1.2-4.el8.src as a component of OpenShift 
Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src" }, "product_reference": "servicemesh-proxy-0:2.1.2-4.el8.src", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-proxy-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", 
"relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" }, "product_reference": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.src as a 
component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src" }, "product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.src", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-43824", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", 
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050744" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. A crafted request can potentially trigger a NULL pointer dereference when using a JWT filter safe_regex match.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Null pointer dereference when using JWT filter safe_regex match", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43824" }, { "category": "external", "summary": "RHBZ#2050744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43824", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p", "url": 
"https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", 
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Null pointer dereference when using JWT filter safe_regex match" }, { "cve": "CVE-2021-43825", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050746" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. If the amount of buffered data by envoy goes over the limit, the buffer may overflow while a response is being processed by the filter chain. This issue possibly causes the operation to abort incorrectly, resulting in the access of a freed memory block.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Use-after-free when response filters increase response data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43825" }, { "category": "external", "summary": "RHBZ#2050746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43825", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43825" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh", "url": 
"https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", 
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Use-after-free when response filters increase response data" }, { "cve": "CVE-2021-43826", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050748" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Use-after-free when tunneling TCP over HTTP", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43826" }, { "category": "external", "summary": "RHBZ#2050748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43826", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43826" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf" } ], "release_date": 
"2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Use-after-free when tunneling TCP over HTTP" }, { "cve": "CVE-2022-21654", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050753" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. When certificate validation settings are changed, incorrect configuration handling allows TLS session reuse without revalidation.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21654" }, { "category": "external", "summary": "RHBZ#2050753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21654", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21654" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283" } ], "release_date": 
"2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation" }, { "cve": "CVE-2022-21655", "cwe": { "id": "CWE-670", "name": "Always-Incorrect Control Flow Implementation" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050757" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. Due to incorrect handling of the common router, a segfault is possible when internal redirects target routes with a direct response entry.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Incorrect handling of internal redirects to routes with a direct response entry", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21655" }, { "category": "external", "summary": "RHBZ#2050757", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21655", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21655" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg" } ], "release_date": 
"2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "envoy: Incorrect handling of internal redirects to routes with a direct response entry" }, { "cve": "CVE-2022-23606", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050758" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. When a cluster is deleted via the Cluster Discovery Service, a stack exhaustion may occur.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23606" }, { "category": "external", "summary": "RHBZ#2050758", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23606", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { 
"category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service" }, { "cve": "CVE-2022-23635", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2022-02-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], 
"ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2057277" } ], "notes": [ { "category": "description", "text": "A flaw was found in istio. This flaw allows an attacker to send a specially crafted message to istiod, causing the control plane to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "istio: unauthenticated control plane denial of service attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", 
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23635" }, { "category": "external", "summary": "RHBZ#2057277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635" }, { "category": "external", "summary": "https://istio.io/latest/news/security/istio-security-2022-003", "url": "https://istio.io/latest/news/security/istio-security-2022-003" } ], "release_date": "2022-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known 
issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "istio: unauthenticated control plane denial of service attack" }, { "acknowledgments": [ { "names": [ "Oliver Liu, John Howard and Jacob Delgado" ], "organization": "Istio Product Security Working Group", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-24726", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-08T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2061638" } ], "notes": [ { "category": "description", "text": "A stack exhaustion flaw was found in the Istio control plane. This flaw allows a remote unauthenticated attacker to send a specially crafted or oversized message to crash the control plane process, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24726" }, { "category": "external", "summary": "RHBZ#2061638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24726", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24726" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726" }, { "category": "external", "summary": 
"https://istio.io/latest/news/security/istio-security-2022-004/", "url": "https://istio.io/latest/news/security/istio-security-2022-004/" } ], "release_date": "2022-03-09T20:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion" } ] }
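The CSAF documents on this page (RHSA-2022:1275 above, RHSA-2022:1276 below) are meant to be consumed by tooling, not read by hand: the `product_status.fixed` list carries the exact RPM NEVRA that closes each CVE, `remediations[].url` the erratum, and `scores[].cvss_v3` the vector. The following is an added example, not Red Hat's or Istio's code, showing how a practitioner would answer "is the servicemesh RPM on this host fixed for CVE-2022-24726?" from such a document. The embedded JSON is a constructed, trimmed copy of the RHSA-2022:1275 document with only the fields read here and only a few x86_64 product IDs; the `rpmvercmp` helper is a simplified reimplementation of rpm's label comparison (numeric segments compared as integers so that 2.1.10 sorts after 2.1.2; tilde and caret ordering are not handled).

```python
import json
import re

# Constructed, trimmed copy of the RHSA-2022:1275 CSAF document above: only the
# fields this example reads are kept, and only a few of the x86_64 product IDs.
CSAF_DOC = json.loads(r'''{
 "document": {"tracking": {"id": "RHSA-2022:1275"}},
 "vulnerabilities": [{"cve": "CVE-2022-24726",
  "product_status": {
   "fixed": ["8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
             "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64"],
   "known_not_affected": ["8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64"]},
  "remediations": [{"category": "vendor_fix", "url": "https://access.redhat.com/errata/RHSA-2022:1275",
                    "product_ids": ["8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64"]}],
  "scores": [{"cvss_v3": {"baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},
              "products": ["8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64"]}]}]}''')


def vulnerability(csaf, cve):
    """Return the vulnerabilities[] entry for one CVE."""
    for v in csaf["vulnerabilities"]:
        if v["cve"] == cve:
            return v
    raise KeyError(cve)

def cvss(csaf, cve):
    """(baseScore, vectorString) from the first cvss_v3 score of the CVE."""
    s = vulnerability(csaf, cve)["scores"][0]["cvss_v3"]
    return s["baseScore"], s["vectorString"]

def vendor_fix_urls(csaf, cve):
    return sorted({r["url"] for r in vulnerability(csaf, cve)["remediations"]
                   if r["category"] == "vendor_fix"})

def parse_nevra(nevra):
    """'servicemesh-0:2.1.2-4.el8.x86_64' -> name/epoch/version/release/arch."""
    name_epoch, evra = nevra.split(":", 1)
    name, epoch = name_epoch.rsplit("-", 1)
    vr, arch = evra.rsplit(".", 1)
    version, release = vr.rsplit("-", 1)
    return {"name": name, "epoch": int(epoch), "version": version,
            "release": release, "arch": arch}

def parse_product_id(pid):
    """Red Hat product IDs prefix the NEVRA with the product reference ('8Base-OSSM-2.1:...')."""
    product, nevra = pid.split(":", 1)
    d = parse_nevra(nevra)
    d["product"] = product
    return d

def rpmvercmp(a, b):
    """Simplified rpm label comparison: numeric segments compare as integers,
    alpha segments lexically, numeric beats alpha; tilde/caret not handled."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two parsed packages by epoch, then version, then release."""
    for key in ("epoch", "version", "release"):
        c = rpmvercmp(str(a[key]), str(b[key]))
        if c:
            return c
    return 0

def package_status(csaf, cve, installed_nevra):
    """'fixed' | 'vulnerable' | 'not_affected' | 'unknown' for one installed RPM."""
    inst = parse_nevra(installed_nevra)
    ps = vulnerability(csaf, cve)["product_status"]

    def same_pkg(pid):
        p = parse_product_id(pid)
        return p["name"] == inst["name"] and p["arch"] == inst["arch"]

    if any(same_pkg(p) for p in ps.get("known_not_affected", [])):
        return "not_affected"
    fixed = [parse_product_id(p) for p in ps.get("fixed", []) if same_pkg(p)]
    if not fixed:
        return "unknown"  # the advisory says nothing about this name/arch
    return "fixed" if all(evr_cmp(inst, f) >= 0 for f in fixed) else "vulnerable"
```

`package_status(CSAF_DOC, "CVE-2022-24726", "servicemesh-0:2.1.1-3.el8.x86_64")` returns `"vulnerable"`, while a later build such as `servicemesh-0:2.1.10-1.el8.x86_64` returns `"fixed"` because segments are compared numerically rather than as strings. An `"unknown"` result is deliberate: a package name or architecture the advisory does not list (for example a ppc64le build in this trimmed copy) must be checked against the full document rather than assumed safe.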
rhsa-2022_1276
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Service Mesh 2.0.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)\n\n* envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)\n\n* istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n\n* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* golang: 
net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)\n\n* envoy: Use-after-free when response filters increase response data (CVE-2021-43825)\n\n* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)\n\n* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)\n\n* istio: unauthenticated control plane denial of service attack (CVE-2022-23635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1276", "url": "https://access.redhat.com/errata/RHSA-2022:1276" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1913333", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333" }, { "category": "external", "summary": "1913338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338" }, { "category": "external", "summary": "1921650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" }, { "category": "external", "summary": "1954368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368" }, { "category": "external", "summary": "1992006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006" }, { "category": "external", "summary": "1995656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656" }, { "category": "external", "summary": "1999784", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784" }, { "category": "external", "summary": "2030787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787" }, { "category": "external", "summary": "2050744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744" }, { "category": "external", "summary": "2050746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746" }, { "category": "external", "summary": "2050748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748" }, { "category": "external", 
"summary": "2050753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753" }, { "category": "external", "summary": "2050757", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757" }, { "category": "external", "summary": "2050758", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758" }, { "category": "external", "summary": "2057277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277" }, { "category": "external", "summary": "2061638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1276.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.0.9 security update", "tracking": { "current_release_date": "2024-11-22T19:19:58+00:00", "generator": { "date": "2024-11-22T19:19:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:1276", "initial_release_date": "2022-04-07T18:02:07+00:00", "revision_history": [ { "date": "2022-04-07T18:02:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-04-07T18:02:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T19:19:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Service Mesh 2.0", "product": { "name": "OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_mesh:2.0::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Service Mesh" }, { "branches": [ { "category": "product_version", "name": "kiali-0:v1.24.7.redhat1-1.el8.src", "product": { "name": "kiali-0:v1.24.7.redhat1-1.el8.src", "product_id": "kiali-0:v1.24.7.redhat1-1.el8.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-proxy-0:2.0.9-3.el8.src", "product": { "name": "servicemesh-proxy-0:2.0.9-3.el8.src", "product_id": "servicemesh-proxy-0:2.0.9-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-operator-0:2.0.9-3.el8.src", "product": { "name": "servicemesh-operator-0:2.0.9-3.el8.src", "product_id": "servicemesh-operator-0:2.0.9-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-0:2.0.9-3.el8.src", "product": { "name": "servicemesh-0:2.0.9-3.el8.src", "product_id": "servicemesh-0:2.0.9-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.src", "product": { "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.src", "product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=src" } } }, { "category": "product_version", "name": "servicemesh-cni-0:2.0.9-3.el8.src", "product": { "name": "servicemesh-cni-0:2.0.9-3.el8.src", "product_id": "servicemesh-cni-0:2.0.9-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "kiali-0:v1.24.7.redhat1-1.el8.x86_64", "product": { "name": "kiali-0:v1.24.7.redhat1-1.el8.x86_64", "product_id": "kiali-0:v1.24.7.redhat1-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": 
"servicemesh-proxy-0:2.0.9-3.el8.x86_64", "product": { "name": "servicemesh-proxy-0:2.0.9-3.el8.x86_64", "product_id": "servicemesh-proxy-0:2.0.9-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-operator-0:2.0.9-3.el8.x86_64", "product": { "name": "servicemesh-operator-0:2.0.9-3.el8.x86_64", "product_id": "servicemesh-operator-0:2.0.9-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-0:2.0.9-3.el8.x86_64", "product": { "name": "servicemesh-0:2.0.9-3.el8.x86_64", "product_id": "servicemesh-0:2.0.9-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "product": { "name": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "product_id": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-mixc-0:2.0.9-3.el8.x86_64", "product": { "name": "servicemesh-mixc-0:2.0.9-3.el8.x86_64", "product_id": "servicemesh-mixc-0:2.0.9-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-mixs-0:2.0.9-3.el8.x86_64", "product": { "name": "servicemesh-mixs-0:2.0.9-3.el8.x86_64", "product_id": "servicemesh-mixs-0:2.0.9-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "product": { "name": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "product_id": 
"servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "product": { "name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "product_id": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "product": { "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-cni-0:2.0.9-3.el8.x86_64", "product": { "name": "servicemesh-cni-0:2.0.9-3.el8.x86_64", "product_id": "servicemesh-cni-0:2.0.9-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "product": { "name": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "product_id": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "product": { "name": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "product_id": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-operator-0:2.0.9-3.el8.ppc64le", "product": { "name": 
"servicemesh-operator-0:2.0.9-3.el8.ppc64le", "product_id": "servicemesh-operator-0:2.0.9-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-0:2.0.9-3.el8.ppc64le", "product": { "name": "servicemesh-0:2.0.9-3.el8.ppc64le", "product_id": "servicemesh-0:2.0.9-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "product": { "name": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "product_id": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "product": { "name": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "product_id": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "product": { "name": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "product_id": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "product": { "name": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "product_id": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "product": { "name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "product_id": 
"servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "product": { "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-cni-0:2.0.9-3.el8.ppc64le", "product": { "name": "servicemesh-cni-0:2.0.9-3.el8.ppc64le", "product_id": "servicemesh-cni-0:2.0.9-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "kiali-0:v1.24.7.redhat1-1.el8.s390x", "product": { "name": "kiali-0:v1.24.7.redhat1-1.el8.s390x", "product_id": "kiali-0:v1.24.7.redhat1-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-proxy-0:2.0.9-3.el8.s390x", "product": { "name": "servicemesh-proxy-0:2.0.9-3.el8.s390x", "product_id": "servicemesh-proxy-0:2.0.9-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-operator-0:2.0.9-3.el8.s390x", "product": { "name": "servicemesh-operator-0:2.0.9-3.el8.s390x", "product_id": "servicemesh-operator-0:2.0.9-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-0:2.0.9-3.el8.s390x", "product": { "name": "servicemesh-0:2.0.9-3.el8.s390x", "product_id": 
"servicemesh-0:2.0.9-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-istioctl-0:2.0.9-3.el8.s390x", "product": { "name": "servicemesh-istioctl-0:2.0.9-3.el8.s390x", "product_id": "servicemesh-istioctl-0:2.0.9-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-mixc-0:2.0.9-3.el8.s390x", "product": { "name": "servicemesh-mixc-0:2.0.9-3.el8.s390x", "product_id": "servicemesh-mixc-0:2.0.9-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-mixs-0:2.0.9-3.el8.s390x", "product": { "name": "servicemesh-mixs-0:2.0.9-3.el8.s390x", "product_id": "servicemesh-mixs-0:2.0.9-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "product": { "name": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "product_id": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "product": { "name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "product_id": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "product": { "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "product_identification_helper": 
{ "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-cni-0:2.0.9-3.el8.s390x", "product": { "name": "servicemesh-cni-0:2.0.9-3.el8.s390x", "product_id": "servicemesh-cni-0:2.0.9-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le" }, "product_reference": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "kiali-0:v1.24.7.redhat1-1.el8.s390x as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x" }, "product_reference": "kiali-0:v1.24.7.redhat1-1.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "kiali-0:v1.24.7.redhat1-1.el8.src as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src" }, "product_reference": "kiali-0:v1.24.7.redhat1-1.el8.src", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "kiali-0:v1.24.7.redhat1-1.el8.x86_64 as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64" }, "product_reference": "kiali-0:v1.24.7.redhat1-1.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", 
"product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le" }, "product_reference": "servicemesh-0:2.0.9-3.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x" }, "product_reference": "servicemesh-0:2.0.9-3.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src" }, "product_reference": "servicemesh-0:2.0.9-3.el8.src", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64" }, "product_reference": "servicemesh-0:2.0.9-3.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-cni-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le" }, "product_reference": "servicemesh-cni-0:2.0.9-3.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-cni-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x" }, "product_reference": "servicemesh-cni-0:2.0.9-3.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-cni-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0", "product_id": 
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src" }, "product_reference": "servicemesh-cni-0:2.0.9-3.el8.src", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-cni-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64" }, "product_reference": "servicemesh-cni-0:2.0.9-3.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le" }, "product_reference": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-istioctl-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x" }, "product_reference": "servicemesh-istioctl-0:2.0.9-3.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64" }, "product_reference": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le" }, "product_reference": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": 
"servicemesh-mixc-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x" }, "product_reference": "servicemesh-mixc-0:2.0.9-3.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-mixc-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64" }, "product_reference": "servicemesh-mixc-0:2.0.9-3.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le" }, "product_reference": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-mixs-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x" }, "product_reference": "servicemesh-mixs-0:2.0.9-3.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-mixs-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64" }, "product_reference": "servicemesh-mixs-0:2.0.9-3.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le" }, "product_reference": "servicemesh-operator-0:2.0.9-3.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.0" }, { 
"category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x" }, "product_reference": "servicemesh-operator-0:2.0.9-3.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src" }, "product_reference": "servicemesh-operator-0:2.0.9-3.el8.src", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64" }, "product_reference": "servicemesh-operator-0:2.0.9-3.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le" }, "product_reference": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x" }, "product_reference": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", "product_id": 
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64" }, "product_reference": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le" }, "product_reference": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x" }, "product_reference": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" }, "product_reference": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le" }, "product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x" }, "product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", 
"relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.src as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src" }, "product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.src", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" }, "product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le" }, "product_reference": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x" }, "product_reference": "servicemesh-proxy-0:2.0.9-3.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0", "product_id": "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src" }, "product_reference": "servicemesh-proxy-0:2.0.9-3.el8.src", "relates_to_product_reference": "8Base-OSSM-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", "product_id": 
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" }, "product_reference": "servicemesh-proxy-0:2.0.9-3.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-28851", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913333" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang.org. 
In x/text, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension", "title": "Vulnerability summary" }, { "category": "other", "text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", 
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28851" }, { "category": "external", "summary": "RHBZ#1913333", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333" }, { 
"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28851", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28851" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851" } ], "release_date": "2021-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, 
"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension" }, { "cve": "CVE-2020-28852", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", 
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913338" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang.org. In x/text, a \"slice bounds out of range\" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag", "title": "Vulnerability summary" }, { "category": "other", "text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. 
A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ], 
"known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28852" }, { "category": "external", "summary": "RHBZ#1913338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28852", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28852" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852" } ], "release_date": "2021-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known 
issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", 
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag" }, { "cve": "CVE-2021-3121", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", 
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1921650" } ], "notes": [ { "category": "description", "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. 
The highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component is accepting protobuf messages from unauthenticated sources and are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. 
However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship gogo/protobuf library with it\u0027s distribution but the only use for Protobuf would be the Kubernetes/OpenShift API server the operator communicates with and it should be authenticated hence it is affected with Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", 
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3121" }, { "category": "external", "summary": "RHBZ#1921650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121" } ], "release_date": "2021-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ 
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation" }, { "cve": "CVE-2021-3749", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-31T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", 
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1999784" } ], "notes": [ { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. 
The highest threat from this vulnerability is system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-axios: Regular expression denial of service in trim function", "title": "Vulnerability summary" }, { "category": "other", "text": "* OpenShift Container Platform (OCP) grafana-container does package a vulnerable version of nodejs axios. However, due to the instance being read only and behind OpenShift OAuth, the impact of this vulnerability is Low.\n\n* Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.1 and previous versions does contain a vulnerable version of nodejs axios, RHACM 2.2 on towards are not affected versions. For RHACM 2.1, due to the instance being read only and behind OAuth, the impact of this vulnerability is Low.\n\n* Because Service Telemetry Framework 1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF\u0027s service-telemetry-operator-container and smart-gateway-operator-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", 
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3749" }, { "category": "external", "summary": "RHBZ#1999784", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2021-3749", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749" }, { "category": "external", "summary": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929", "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929" }, { "category": "external", "summary": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31", "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31" } ], "release_date": "2021-08-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": 
"Moderate" } ], "title": "nodejs-axios: Regular expression denial of service in trim function" }, { "cve": "CVE-2021-29482", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954368" } ], "notes": [ { "category": "description", "text": "A flaw was found in github.com/ulikunitz/xz. 
The function readUvarint may not terminate a loop what could lead to denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth authentication, therefore the impact is low.\nIn OCP before 4.7 the buildah, skopeo and podman packages include vulnerable version of github.com/ulikunitz/xz, but these OCP releases are already in the Maintenance Phase of the support, hence affected components are marked as wontfix. This may be fixed in the future.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", 
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-29482" }, { "category": "external", "summary": "RHBZ#1954368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29482", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29482" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482" } ], 
"release_date": "2020-08-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ 
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service" }, { "cve": "CVE-2021-29923", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1992006" } 
], "notes": [ { "category": "description", "text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", 
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-29923" }, { "category": "external", "summary": "RHBZ#1992006", 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29923" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923" }, { "category": "external", "summary": "https://sick.codes/sick-2021-016/", "url": "https://sick.codes/sick-2021-016/" } ], "release_date": "2021-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", 
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", 
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", 
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet" }, { "cve": "CVE-2021-36221", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" 
}, "discovery_date": "2021-08-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1995656" } ], "notes": [ { "category": "description", "text": "A race condition flaw was found in Go. The incoming requests body weren\u0027t closed after the handler panic and as a consequence this could lead to ReverseProxy crash. 
The highest threat from this vulnerability is to Availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", 
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-36221" }, { "category": "external", "summary": "RHBZ#1995656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-36221", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221", 
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk", "url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk" } ], "release_date": "2021-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ], "restart_required": { "category": "none" 
}, "url": "https://access.redhat.com/errata/RHSA-2022:1276" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", 
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", 
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic" }, { "cve": "CVE-2021-43565", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", 
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2030787" } ], "notes": [ { "category": "description", "text": "There\u0027s an input validation flaw in golang.org/x/crypto\u0027s readCipherPacket() function. 
An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/crypto: empty plaintext packet causes panic", "title": "Vulnerability summary" }, { "category": "other", "text": "go-toolset shipped with Red Hat Developer Tools - Compilers and golang shipped with Red Hat Enterprise Linux 8 are not affected by this flaw because they do not ship the vulnerable code.\n\nThis flaw was rated to have a Moderate impact because it is not shipped in the Golang standard library and thus has a reduced impact to products compared with other flaws of this type.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", 
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43565" }, { "category": "external", "summary": "RHBZ#2030787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43565", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565" } ], "release_date": "2021-12-02T00:00:00+00:00", 
"remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/crypto: empty plaintext packet causes panic" }, { "cve": "CVE-2021-43824", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", 
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050744" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. 
A crafted request can potentially trigger a NULL pointer dereference when using a JWT filter safe_regex match.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Null pointer dereference when using JWT filter safe_regex match", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", 
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43824" }, { "category": "external", "summary": "RHBZ#2050744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43824", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known 
issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Null pointer dereference when using JWT filter safe_regex match" }, { "cve": "CVE-2021-43825", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", 
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050746" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. If the amount of buffered data by envoy goes over the limit, the buffer may overflow while a response is being processed by the filter chain. 
This issue possibly causes the operation to abort incorrectly, resulting in the access of a freed memory block.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Use-after-free when response filters increase response data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", 
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43825" }, { "category": "external", "summary": "RHBZ#2050746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43825", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43825" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known 
issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Use-after-free when response filters increase response data" }, { "cve": "CVE-2021-43826", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", 
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050748" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. 
If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Use-after-free when tunneling TCP over HTTP", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", 
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43826" }, { "category": "external", "summary": "RHBZ#2050748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43826", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43826" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known 
issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Use-after-free when tunneling TCP over HTTP" }, { "cve": "CVE-2022-21654", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", 
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050753" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. 
When certificate validation settings are changed, incorrect configuration handling allows TLS session reuse without revalidation.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", 
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21654" }, { "category": "external", "summary": "RHBZ#2050753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21654", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21654" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known 
issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation" }, { "cve": "CVE-2022-21655", "cwe": { "id": "CWE-670", "name": "Always-Incorrect Control Flow Implementation" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", 
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050757" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. 
Due to incorrect handling in the common router, a segfault is possible when an internal redirect is sent to a route that has a direct response entry.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Incorrect handling of internal redirects to routes with a direct response entry", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", 
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21655" }, { "category": "external", "summary": "RHBZ#2050757", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21655", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21655" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known 
issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "envoy: Incorrect handling of internal redirects to routes with a direct response entry" }, { "cve": "CVE-2022-23606", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", 
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050758" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. 
When a cluster is deleted via the Cluster Discovery Service, a stack exhaustion may occur.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", 
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23606" }, { "category": "external", "summary": "RHBZ#2050758", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23606", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": 
[ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service" }, { "cve": "CVE-2022-23635", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2022-02-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", 
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2057277" } ], "notes": [ { "category": "description", "text": "A flaw was found in istio. This flaw allows a remote, unauthenticated attacker to send a specially crafted message to istiod, causing the control plane to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "istio: unauthenticated control plane denial of service attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", 
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23635" }, { "category": "external", "summary": "RHBZ#2057277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23635" }, { "category": "external", 
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635" }, { "category": "external", "summary": "https://istio.io/latest/news/security/istio-security-2022-003", "url": "https://istio.io/latest/news/security/istio-security-2022-003" } ], "release_date": "2022-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 
7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "istio: unauthenticated control plane denial of service attack" }, { "acknowledgments": [ { "names": [ "Oliver Liu, John Howard and Jacob Delgado" ], "organization": "Istio Product Security Working Group", "summary": "Acknowledged by upstream." 
} ], "cve": "CVE-2022-24726", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-08T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2061638" } ], "notes": [ { "category": "description", "text": "A stack exhaustion flaw was found in the Istio control plane. 
This flaw allows a remote unauthenticated attacker to send a specially crafted or oversized message to crash the control plane process, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", 
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24726" }, { "category": "external", "summary": "RHBZ#2061638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24726", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24726" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726" }, { "category": "external", "summary": "https://istio.io/latest/news/security/istio-security-2022-004/", "url": "https://istio.io/latest/news/security/istio-security-2022-004/" } ], "release_date": "2022-03-09T20:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:02:07+00:00", "details": "The OpenShift Service Mesh release notes provide information on the features and known 
issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", 
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion" } ] }
ghsa-856q-xv3c-7f2f
Vulnerability from github
Impact
The Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker.
For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially multicluster topologies, this port is exposed over the public internet.
Patches
- Istio 1.13.1 and above
- Istio 1.12.4 and above
- Istio 1.11.7 and above
Workarounds
There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.
References
More details can be found in the Istio Security Bulletin
For more information
If you have any questions or comments about this advisory, please email us at istio-security-vulnerability-reports@googlegroups.com
{ "affected": [ { "package": { "ecosystem": "Go", "name": "istio.io/istio" }, "ranges": [ { "events": [ { "introduced": "1.13.0" }, { "fixed": "1.13.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "1.13.0" ] }, { "package": { "ecosystem": "Go", "name": "istio.io/istio" }, "ranges": [ { "events": [ { "introduced": "1.12.0" }, { "fixed": "1.12.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "istio.io/istio" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.11.7" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-23635" ], "database_specific": { "cwe_ids": [ "CWE-1284", "CWE-287" ], "github_reviewed": true, "github_reviewed_at": "2022-02-23T14:59:08Z", "nvd_published_at": "2022-02-22T22:15:00Z", "severity": "HIGH" }, "details": "### Impact\nThe Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker.\n\nFor simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet.\n\n### Patches\n\n- Istio 1.13.1 and above\n- Istio 1.12.4 and above\n- Istio 1.11.7 and above\n\n### Workarounds\nThere are no effective workarounds, beyond upgrading. 
Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\n\n### References\nMore details can be found in the [Istio Security Bulletin](https://istio.io/latest/news/security/istio-security-2022-003)\n\n### For more information\nIf you have any questions or comments about this advisory, please email us at [istio-security-vulnerability-reports@googlegroups.com](mailto:istio-security-vulnerability-reports@googlegroups.com)\n", "id": "GHSA-856q-xv3c-7f2f", "modified": "2022-02-25T15:38:52Z", "published": "2022-02-23T14:59:08Z", "references": [ { "type": "WEB", "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635" }, { "type": "WEB", "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84" }, { "type": "WEB", "url": "https://github.com/istio/istio" }, { "type": "WEB", "url": "https://istio.io/latest/news/security/istio-security-2022-003" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Unauthenticated control plane denial of service attack in Istio" }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.