cvelistv5 - cve-2024-7207

CVE-2024-7207 (GCVE-0-2024-7207)

Vulnerability from cvelistv5 – Published: 2024-09-19 22:17 – Updated: 2024-09-30 19:03

Duplicate of CVE-2024-45806.

Show details on NVD website

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2024-09-30T19:03:20.448Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "Duplicate of CVE-2024-45806."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7207",
    "datePublished": "2024-09-19T22:17:51.582Z",
    "dateRejected": "2024-09-30T19:03:20.448Z",
    "dateReserved": "2024-07-29T12:34:41.016Z",
    "dateUpdated": "2024-09-30T19:03:20.448Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Rejected reason: Duplicate of CVE-2024-45806.\"}]",
      "id": "CVE-2024-7207",
      "lastModified": "2024-09-30T19:15:04.540",
      "published": "2024-09-19T23:15:12.337",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Rejected"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-7207\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-09-19T23:15:12.337\",\"lastModified\":\"2024-09-30T19:15:04.540\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: Duplicate of CVE-2024-45806.\"}],\"metrics\":{},\"references\":[]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"rejectedReasons\": [{\"lang\": \"en\", \"value\": \"Duplicate of CVE-2024-45806.\"}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2024-09-30T19:03:20.448Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-7207\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"state\": \"REJECTED\", \"assignerShortName\": \"redhat\", \"dateReserved\": \"2024-07-29T12:34:41.016Z\", \"datePublished\": \"2024-09-19T22:17:51.582Z\", \"dateUpdated\": \"2024-09-30T19:03:20.448Z\", \"dateRejected\": \"2024-09-30T19:03:20.448Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-7207

Vulnerability from fkie_nvd - Published: 2024-09-19 23:15 - Updated: 2024-09-30 19:15

Severity ?

Summary

Rejected reason: Duplicate of CVE-2024-45806.

References

	URL	Tags

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rejected reason: Duplicate of CVE-2024-45806."
    }
  ],
  "id": "CVE-2024-7207",
  "lastModified": "2024-09-30T19:15:04.540",
  "metrics": {},
  "published": "2024-09-19T23:15:12.337",
  "references": [],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Rejected"
}

GHSA-QC32-2J82-W5H3

Vulnerability from github – Published: 2024-09-20 00:31 – Updated: 2024-09-20 00:31

Details

A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487.

Severity ?

8.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-7207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-19T23:15:12Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487.",
  "id": "GHSA-qc32-2j82-w5h3",
  "modified": "2024-09-20T00:31:35Z",
  "published": "2024-09-20T00:31:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7207"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-7207"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300352"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-7207 (GCVE-0-2024-7207)

FKIE_CVE-2024-7207

GHSA-QC32-2J82-W5H3

Tags

Sightings

Nomenclature