Action not permitted
Modal body text goes here.
cve-2023-35941
Vulnerability from cvelistv5
Published
2023-07-25 17:40
Modified
2024-08-02 16:37
Severity
Summary
Envoy vulnerable to OAuth2 credentials exploit with permanent validity
References
| Source | URL | Tags |
|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55 | Third Party Advisory |
Impacted products
| Vendor | Product |
|---|---|
| envoyproxy | envoy |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.26.0, \u003c 1.26.4"
},
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c 1.25.9"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.10"
},
{
"status": "affected",
"version": "\u003c 1.23.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter\u0027s check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host\u0027s domain configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T17:40:56.203Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55"
}
],
"source": {
"advisory": "GHSA-7mhv-gr67-hq55",
"discovery": "UNKNOWN"
},
"title": "Envoy vulnerable to OAuth2 credentials exploit with permanent validity"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-35941",
"datePublished": "2023-07-25T17:40:56.203Z",
"dateReserved": "2023-06-20T14:02:45.596Z",
"dateUpdated": "2024-08-02T16:37:40.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-35941\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-07-25T18:15:10.993\",\"lastModified\":\"2023-08-02T18:34:33.230\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter\u0027s check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host\u0027s domain configuration.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.23.0\",\"versionEndExcluding\":\"1.23.12\",\"matchCriteriaId\":\"588736F6-2FDC-4CF7-AFFA-7CFE16ED6EC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.24.0\",\"versionEndExcluding\":\"1.24.10\",\"matchCriteriaId\":\"D8412E60-1C2F-4764-94F5-563FAA297466\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.9\",\"matchCriteriaId\":\"0EC8FEB8-BB13-443C-8905-30B03F8F52E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.26.0\",\"versionEndExcluding\":\"1.26.4\",\"matchCriteriaId\":\"DA35F763-2810-4231-B5A9-93310BF7B765\"}]}]}],\"references\":[{\"url\":\"https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
wid-sec-w-2023-2058
Vulnerability from csaf_certbund
Published
2023-08-13 22:00
Modified
2023-10-08 22:00
Summary
Red Hat OpenShift Service Mesh und Service Mesh Containers: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.\r\nRed Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2058 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2058.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2058 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2058"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3997-1 vom 2023-10-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016564.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASECS-2023-007 vom 2023-09-27",
"url": "https://alas.aws.amazon.com/AL2/ALASECS-2023-007.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5175 vom 2023-09-14",
"url": "https://access.redhat.com/errata/RHSA-2023:5175"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5174 vom 2023-09-14",
"url": "https://access.redhat.com/errata/RHSA-2023:5174"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12772 vom 2023-09-11",
"url": "https://linux.oracle.com/errata/ELSA-2023-12772.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12781 vom 2023-09-08",
"url": "https://linux.oracle.com/errata/ELSA-2023-12781.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12780 vom 2023-09-08",
"url": "https://linux.oracle.com/errata/ELSA-2023-12780.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12771 vom 2023-09-06",
"url": "https://linux.oracle.com/errata/ELSA-2023-12771.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2ECS-2023-006 vom 2023-09-07",
"url": "https://alas.aws.amazon.com/AL2/ALASECS-2023-006.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4627 vom 2023-08-13",
"url": "https://access.redhat.com/errata/RHSA-2023:4627"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4625 vom 2023-08-13",
"url": "https://access.redhat.com/errata/RHSA-2023:4625"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4624 vom 2023-08-13",
"url": "https://access.redhat.com/errata/RHSA-2023:4624"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4623 vom 2023-08-13",
"url": "https://access.redhat.com/errata/RHSA-2023:4623"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift Service Mesh und Service Mesh Containers: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-10-08T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:40:28.297+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2058",
"initial_release_date": "2023-08-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-09-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Amazon und Oracle Linux aufgenommen"
},
{
"date": "2023-09-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-09-11T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-09-14T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-10-08T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux \u003c Migration Toolkit for Applications 6.2.0",
"product": {
"name": "Red Hat Enterprise Linux \u003c Migration Toolkit for Applications 6.2.0",
"product_id": "T029302",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:migration_toolkit_for_applications_6.2.0"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift \u003c Service Mesh 2.2.9",
"product": {
"name": "Red Hat OpenShift \u003c Service Mesh 2.2.9",
"product_id": "T029299",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:service_mesh_2.2.9"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift \u003c Service Mesh 2.3.6 Containers",
"product": {
"name": "Red Hat OpenShift \u003c Service Mesh 2.3.6 Containers",
"product_id": "T029300",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:service_mesh_2.3.6_containers"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift \u003c Service Mesh 2.4.2 Containers",
"product": {
"name": "Red Hat OpenShift \u003c Service Mesh 2.4.2 Containers",
"product_id": "T029301",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:service_mesh_2.4.2_containers"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-35945",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux existieren mehrere Schwachstellen in der Komponente \"Envoy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914"
]
},
"release_date": "2023-08-13T22:00:00Z",
"title": "CVE-2023-35945"
},
{
"cve": "CVE-2023-35944",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux existieren mehrere Schwachstellen in der Komponente \"Envoy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914"
]
},
"release_date": "2023-08-13T22:00:00Z",
"title": "CVE-2023-35944"
},
{
"cve": "CVE-2023-35943",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux existieren mehrere Schwachstellen in der Komponente \"Envoy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914"
]
},
"release_date": "2023-08-13T22:00:00Z",
"title": "CVE-2023-35943"
},
{
"cve": "CVE-2023-35942",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux existieren mehrere Schwachstellen in der Komponente \"Envoy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914"
]
},
"release_date": "2023-08-13T22:00:00Z",
"title": "CVE-2023-35942"
},
{
"cve": "CVE-2023-35941",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux existieren mehrere Schwachstellen in der Komponente \"Envoy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914"
]
},
"release_date": "2023-08-13T22:00:00Z",
"title": "CVE-2023-35941"
},
{
"cve": "CVE-2023-27496",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux existieren mehrere Schwachstellen in der Komponente \"Envoy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914"
]
},
"release_date": "2023-08-13T22:00:00Z",
"title": "CVE-2023-27496"
},
{
"cve": "CVE-2023-27493",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux existieren mehrere Schwachstellen in der Komponente \"Envoy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914"
]
},
"release_date": "2023-08-13T22:00:00Z",
"title": "CVE-2023-27493"
},
{
"cve": "CVE-2023-27492",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux existieren mehrere Schwachstellen in der Komponente \"Envoy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914"
]
},
"release_date": "2023-08-13T22:00:00Z",
"title": "CVE-2023-27492"
},
{
"cve": "CVE-2023-27491",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux existieren mehrere Schwachstellen in der Komponente \"Envoy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914"
]
},
"release_date": "2023-08-13T22:00:00Z",
"title": "CVE-2023-27491"
},
{
"cve": "CVE-2023-27488",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux existieren mehrere Schwachstellen in der Komponente \"Envoy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914"
]
},
"release_date": "2023-08-13T22:00:00Z",
"title": "CVE-2023-27488"
},
{
"cve": "CVE-2023-27487",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift Service Mesh und Service Mesh Containers, sowie Red Hat Enterprise Linux existieren mehrere Schwachstellen in der Komponente \"Envoy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646",
"398363",
"T004914"
]
},
"release_date": "2023-08-13T22:00:00Z",
"title": "CVE-2023-27487"
}
]
}
rhsa-2023_4624
Vulnerability from csaf_redhat
Published
2023-08-11 16:47
Modified
2024-09-16 12:36
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.3.6 security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.3.6 Containers
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
Security Fix(es):
* envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)
* envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)
* envoy: HTTP/2 memory leak in nghttp2 codec (CVE-2023-35945)
* envoy: gRPC access log crash caused by the listener draining (CVE-2023-35942)
* envoy: CORS filter segfault when origin header is removed (CVE-2023-35943)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.3.6 Containers\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)\n\n* envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)\n\n* envoy: HTTP/2 memory leak in nghttp2 codec (CVE-2023-35945)\n\n* envoy: gRPC access log crash caused by the listener draining (CVE-2023-35942)\n\n* envoy: CORS filter segfault when origin header is removed (CVE-2023-35943)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4624",
"url": "https://access.redhat.com/errata/RHSA-2023:4624"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2217977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217977"
},
{
"category": "external",
"summary": "2217978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217978"
},
{
"category": "external",
"summary": "2217983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217983"
},
{
"category": "external",
"summary": "2217985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217985"
},
{
"category": "external",
"summary": "2217987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217987"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_4624.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.3.6 security update",
"tracking": {
"current_release_date": "2024-09-16T12:36:47+00:00",
"generator": {
"date": "2024-09-16T12:36:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:4624",
"initial_release_date": "2023-08-11T16:47:28+00:00",
"revision_history": [
{
"date": "2023-08-11T16:47:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-08-11T16:47:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T12:36:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.3 for RHEL 8",
"product": {
"name": "RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.6-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.6-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.6-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.6-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.6-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.6-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.6-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.6-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.6-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.6-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.6-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.6-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.6-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.6-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.6-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-35941",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217977"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter\u0027s HMAC check.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: OAuth2 credentials exploit with permanent validity",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35941"
},
{
"category": "external",
"summary": "RHBZ#2217977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217977"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35941",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35941"
}
],
"release_date": "2023-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4624"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: OAuth2 credentials exploit with permanent validity"
},
{
"cve": "CVE-2023-35942",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217978"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy, where gRPC access loggers using the listener\u0027s global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service (LDS) update with the same gRPC access log configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: gRPC access log crash caused by the listener draining",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35942"
},
{
"category": "external",
"summary": "RHBZ#2217978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217978"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35942"
}
],
"release_date": "2023-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4624"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: gRPC access log crash caused by the listener draining"
},
{
"cve": "CVE-2023-35943",
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217987"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy. Suppose an origin header is configured to be removed with request_headers_to_remove: origin. The CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeaders and encodeHeaders.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: CORS filter segfault when origin header is removed",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35943"
},
{
"category": "external",
"summary": "RHBZ#2217987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217987"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35943",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35943"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35943"
}
],
"release_date": "2023-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4624"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: CORS filter segfault when origin header is removed"
},
{
"cve": "CVE-2023-35944",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217985"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy that allows for mixed-case schemes in HTTP/2. However, some internal scheme checks in Envoy are case-sensitive, leading to incorrect handling of requests and responses with mixed case schemes. For example, if a request with a mixed scheme HTTP is sent to the OAuth2 filter, it will fail the exact-match checks for HTTP and inform the remote endpoint the scheme is HTTP, thus potentially bypassing OAuth2 checks specific to HTTP requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Incorrect handling of HTTP requests and responses with mixed case schemes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35944"
},
{
"category": "external",
"summary": "RHBZ#2217985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217985"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35944",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35944"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35944",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35944"
}
],
"release_date": "2023-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4624"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: Incorrect handling of HTTP requests and responses with mixed case schemes"
},
{
"acknowledgments": [
{
"names": [
"Yan Avlasov"
],
"organization": "Google"
}
],
"cve": "CVE-2023-35945",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217983"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy, where a specifically crafted response from an untrusted upstream service can cause a denial of service through memory exhaustion. This issue is caused by Envoy\u2019s HTTP/2 codec, which may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately, followed by the GOAWAY frames from an upstream server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: HTTP/2 memory leak in nghttp2 codec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:0034a052544d5205b81f064361ed8f1213bed6dc868a607a14cb7f1f803c6213_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:731d23d6a6e226a68463beaa956065341537b0f4b2bf2fe0b14c1aff4cd1b45e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:8aa19f37aef2ed95793a6c6940146c8b67fbbbbad1a219775dc917358de97c61_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:279bc4504c13e65be3a16731dcb042b9fe10f937fffc9f0fcfd8bfd5e3d4717b_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:674726fb44c3eb46b7549964e82da3d6e8969659f72a80ff46bee2736af60eb6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:aa6b03b229bb55aade074a59199f25dd26b6d596bf65683fdfb1adfd33d6a1cc_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:3fc6b5a00fbc1716e0dc7b958b232135979e17184f662d8b30aba68246380c6a_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:5a91228a6ae101204f87d86d6152e3719de2067e0a04e19984ea379e969ae827_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:aa41a543ce10b9d932178894d74ecd3c62c09db6c729affef3d165eef797e873_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:572cb5d7bfcbe827371d715039aa795a234089ad84e87c874c27b4c8368fd414_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e1e2634d0b71ee373d1caa3db8ecd80833847894f3a182ac9a51ffb615a7ea85_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e5d923926234b1b1d22a93addce28a2656407932af0391a4d03c739d423aa109_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:28eed3d9554d7424a55a9d8425acc098c56e46ce7754c32f0c6b3993a3400248_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:787962d7a65f62af1f85e2e5d822f3db40093af32fd03ebd0e2cec248d399eb4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:dd4934b72d644f9317465b6c45b137b93123dc50447daedca9a410f11b292132_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:16222b72f4ae305ca2128ecc7d19d568b6c7edaa32b55e9759a563b2b0ae3000_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:93f927c7fcf4138b6c5ba976d971f50b88f8e46bc819017763014748394bd786_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:fbc19a6d4a1cb052b7944f0b4537f1ce2716f4c81bc6b5866920f8d62be69290_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35945"
},
{
"category": "external",
"summary": "RHBZ#2217983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217983"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35945"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r"
}
],
"release_date": "2023-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4624"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:826302993a08f1b7b9d05b17d9a7e71792d2c1adaa8002c59aa8ecbca523d86e_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:d9c2a461fb3de8c30e1fd06924fafe03fd1d0e19ed5cf2e0cb848a1116752cf1_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:e36f4a2d5c66515519aa7158a31f07c8ba376553654d2f71d6f2601106c90095_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: HTTP/2 memory leak in nghttp2 codec"
}
]
}
rhsa-2023_5175
Vulnerability from csaf_redhat
Published
2023-09-14 17:33
Modified
2024-09-16 12:37
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.10 security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.2.10
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)
* envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)
* envoy: HTTP/2 memory leak in nghttp2 codec (CVE-2023-35945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.2.10\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)\n\n* envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)\n\n* envoy: HTTP/2 memory leak in nghttp2 codec (CVE-2023-35945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5175",
"url": "https://access.redhat.com/errata/RHSA-2023:5175"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2217977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217977"
},
{
"category": "external",
"summary": "2217983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217983"
},
{
"category": "external",
"summary": "2217985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217985"
},
{
"category": "external",
"summary": "OSSM-4799",
"url": "https://issues.redhat.com/browse/OSSM-4799"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5175.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.10 security update",
"tracking": {
"current_release_date": "2024-09-16T12:37:10+00:00",
"generator": {
"date": "2024-09-16T12:37:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:5175",
"initial_release_date": "2023-09-14T17:33:39+00:00",
"revision_history": [
{
"date": "2023-09-14T17:33:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-14T17:33:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T12:37:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.2 for RHEL 8",
"product": {
"name": "RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.8-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.10-1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.8-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.10-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.8-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.10-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.10-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.10-1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-35941",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217977"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter\u0027s HMAC check.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: OAuth2 credentials exploit with permanent validity",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64"
],
"known_not_affected": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35941"
},
{
"category": "external",
"summary": "RHBZ#2217977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217977"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35941",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35941"
}
],
"release_date": "2023-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5175"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: OAuth2 credentials exploit with permanent validity"
},
{
"cve": "CVE-2023-35944",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217985"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy that allows for mixed-case schemes in HTTP/2. However, some internal scheme checks in Envoy are case-sensitive, leading to incorrect handling of requests and responses with mixed case schemes. For example, if a request with a mixed scheme HTTP is sent to the OAuth2 filter, it will fail the exact-match checks for HTTP and inform the remote endpoint the scheme is HTTP, thus potentially bypassing OAuth2 checks specific to HTTP requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Incorrect handling of HTTP requests and responses with mixed case schemes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64"
],
"known_not_affected": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35944"
},
{
"category": "external",
"summary": "RHBZ#2217985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217985"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35944",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35944"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35944",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35944"
}
],
"release_date": "2023-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5175"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: Incorrect handling of HTTP requests and responses with mixed case schemes"
},
{
"acknowledgments": [
{
"names": [
"Yan Avlasov"
],
"organization": "Google"
}
],
"cve": "CVE-2023-35945",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217983"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy, where a specifically crafted response from an untrusted upstream service can cause a denial of service through memory exhaustion. This issue is caused by Envoy\u2019s HTTP/2 codec, which may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately, followed by the GOAWAY frames from an upstream server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: HTTP/2 memory leak in nghttp2 codec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64"
],
"known_not_affected": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:5e78c65d48745dcd36fe3dc21f75dc315875fdad7cd15b512cc85b70ae5979b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:8d6a6daaa5363f44c6152492b04d4c385a7709d1faed27023031012291a5ba3b_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:b40ac48fddda4a0ddc43515578b998a15981c8d7b9dfa1a88b194b0c228ca3bc_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d1f8104f3f1113ca5aa733853451f893388b3b45c9ce6dccb92b57cf718f1f35_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35945"
},
{
"category": "external",
"summary": "RHBZ#2217983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217983"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35945"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r"
}
],
"release_date": "2023-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5175"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: HTTP/2 memory leak in nghttp2 codec"
}
]
}
rhsa-2023_4625
Vulnerability from csaf_redhat
Published
2023-08-11 16:47
Modified
2024-09-16 12:36
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.2 security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.4.2 Containers
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
Security Fix(es):
* envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)
* envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)
* envoy: CORS filter segfault when origin header is removed (CVE-2023-35943)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.4.2 Containers\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* envoy: OAuth2 credentials exploit with permanent validity (CVE-2023-35941)\n\n* envoy: Incorrect handling of HTTP requests and responses with mixed case schemes (CVE-2023-35944)\n\n* envoy: CORS filter segfault when origin header is removed (CVE-2023-35943)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4625",
"url": "https://access.redhat.com/errata/RHSA-2023:4625"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2217977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217977"
},
{
"category": "external",
"summary": "2217985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217985"
},
{
"category": "external",
"summary": "2217987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217987"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_4625.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.2 security update",
"tracking": {
"current_release_date": "2024-09-16T12:36:58+00:00",
"generator": {
"date": "2024-09-16T12:36:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:4625",
"initial_release_date": "2023-08-11T16:47:49+00:00",
"revision_history": [
{
"date": "2023-08-11T16:47:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-08-11T16:47:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T12:36:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.4 for RHEL 8",
"product": {
"name": "RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.2-8"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.2-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.4.2-8"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.2-8"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.2-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.2-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.2-8"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.2-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.4.2-8"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.2-8"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.2-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.2-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.2-8"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.2-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.2-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.4.2-8"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.2-8"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.2-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.2-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.2-4"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-35941",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217977"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter\u0027s HMAC check.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: OAuth2 credentials exploit with permanent validity",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
],
"known_not_affected": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35941"
},
{
"category": "external",
"summary": "RHBZ#2217977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217977"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35941",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35941"
}
],
"release_date": "2023-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4625"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: OAuth2 credentials exploit with permanent validity"
},
{
"cve": "CVE-2023-35943",
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217987"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy. Suppose an origin header is configured to be removed with request_headers_to_remove: origin. The CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeaders and encodeHeaders.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: CORS filter segfault when origin header is removed",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
],
"known_not_affected": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35943"
},
{
"category": "external",
"summary": "RHBZ#2217987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217987"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35943",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35943"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35943"
}
],
"release_date": "2023-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4625"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: CORS filter segfault when origin header is removed"
},
{
"cve": "CVE-2023-35944",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217985"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy that allows for mixed-case schemes in HTTP/2. However, some internal scheme checks in Envoy are case-sensitive, leading to incorrect handling of requests and responses with mixed case schemes. For example, if a request with a mixed scheme HTTP is sent to the OAuth2 filter, it will fail the exact-match checks for HTTP and inform the remote endpoint the scheme is HTTP, thus potentially bypassing OAuth2 checks specific to HTTP requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Incorrect handling of HTTP requests and responses with mixed case schemes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
],
"known_not_affected": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35944"
},
{
"category": "external",
"summary": "RHBZ#2217985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217985"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35944",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35944"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35944",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35944"
}
],
"release_date": "2023-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4625"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: Incorrect handling of HTTP requests and responses with mixed case schemes"
},
{
"acknowledgments": [
{
"names": [
"Yan Avlasov"
],
"organization": "Google"
}
],
"cve": "CVE-2023-35945",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217983"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Envoy, where a specifically crafted response from an untrusted upstream service can cause a denial of service through memory exhaustion. This issue is caused by Envoy\u2019s HTTP/2 codec, which may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately, followed by the GOAWAY frames from an upstream server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: HTTP/2 memory leak in nghttp2 codec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
],
"known_not_affected": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0ccff9864bab5e8e594d5063b853f4d91a1384cfc225e4476216d8e574615cb7_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:562b81ae1d60684dcbd7af1642382e88920a13165a348b6b8cc14f0a89c16321_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:71e3d3cf8e1a5812365695e9f7747a0f86e281b543c3e3a91ea655796a31fa51_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:46abe1e995f4796110c358744084f797a98e9f37258b506fe3406dd213cb6578_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4c7f85a069b9c50e5ed5c7eb9f5bf453bca43156564878c33092cdc45a1500d2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:e2d0c6c599336b7db5b7c90e1490d73c029fae204dc086978bb07b0f8d312d06_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:2bb07daadf9c7836a02252e7bc42eba1f43563ed6fcc5ec7c59eb6f9719874db_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:77bfc5c77e343fbeae3e19d390f8598e5f69661fb54c2ced8c0c49eb4d993308_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8ec88c4a8e3df430fafa5b5b3e623ed111ce1456539bedf29a791995a548c03e_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b54fd04a30412ca92b046728f8ec513237235b18072a4cc7b241ef2586a2145c_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ed49691c656ab9916b81a308ed942377760d4019bb2465735b5071c659070f3_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:67227db1a9ccc2b81938f91959df0bba8791010429e619dd39b1f85e4c6cb832_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:8e01420f8a1f0fd72461dd8c377c29c086e4616826bfc128915ff0d468758c18_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:45e7246f67faeefb0b52d789c33e4fd61694a27611e3d98a143f8c0a5c72bb7a_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:ab76505430875f6895fe269156bfefb79e6c08226e8205941760133230a11993_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:b67fdd91fccee205e74d4fe47aece9ba78f0dee04635dd83f5edcb984e94ad50_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:1fce10dd8e3903b5391e0176dc1c4f23113d274f68567a3161d9696b1b858ce6_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:99f2890cca37225e318ef39d50800ace6e889c7e59d343a92d4343f4fec8d150_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:dd6b2b1f8b90238b885953e22c01bfc62d3243cc8b501c86b40a892e774f2c7a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-35945"
},
{
"category": "external",
"summary": "RHBZ#2217983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217983"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35945"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r"
}
],
"release_date": "2023-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4625"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:28d3f0e2bfa0f6cc04275f2cfab1427e2903a403550e5ccf4cc192ab86e784d6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:d84f04c9a6e03641eed7c55c91c70666c725aaec5c55eb0a4e2ae083c974760d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:ff9b876604bf6b157e7ba007c9b8569140ba2bc3cac0e9bc928392bfa58558a4_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: HTTP/2 memory leak in nghttp2 codec"
}
]
}
gsd-2023-35941
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-35941",
"id": "GSD-2023-35941"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-35941"
],
"details": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter\u0027s check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host\u0027s domain configuration.",
"id": "GSD-2023-35941",
"modified": "2023-12-13T01:20:46.439908Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-35941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003e= 1.26.0, \u003c 1.26.4"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.25.0, \u003c 1.25.9"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.24.0, \u003c 1.24.10"
},
{
"version_affected": "=",
"version_value": "\u003c 1.23.12"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter\u0027s check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host\u0027s domain configuration."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-116",
"lang": "eng",
"value": "CWE-116: Improper Encoding or Escaping of Output"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55"
}
]
},
"source": {
"advisory": "GHSA-7mhv-gr67-hq55",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.24.10",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.25.9",
"versionStartIncluding": "1.25.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.26.4",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.23.12",
"versionStartIncluding": "1.23.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-35941"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter\u0027s check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host\u0027s domain configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-08-02T18:34Z",
"publishedDate": "2023-07-25T18:15Z"
}
}
}
Loading...