rhsa-2023_4623
Vulnerability from csaf_redhat
Published
2023-08-11 16:46
Modified
2024-11-23 00:00
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.9 security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.2.9
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* envoy: Client may fake the header `x-envoy-original-path` (CVE-2023-27487)
* envoy: envoy doesn't escape HTTP header values (CVE-2023-27493)
* envoy: gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received (CVE-2023-27488)
* envoy: Envoy forwards invalid HTTP/2 and HTTP/3 downstream (CVE-2023-27491)
* envoy: Crash when a large request body is processed in Lua filter (CVE-2023-27492)
* envoy: Crash when a redirect url without a state param is received in the oauth filter (CVE-2023-27496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh 2.2.9\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* envoy: Client may fake the header `x-envoy-original-path` (CVE-2023-27487)\n\n* envoy: envoy doesn't escape HTTP header values (CVE-2023-27493)\n\n* envoy: gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received (CVE-2023-27488)\n\n* envoy: Envoy forwards invalid HTTP/2 and HTTP/3 downstream (CVE-2023-27491)\n\n* envoy: Crash when a large request body is processed in Lua filter (CVE-2023-27492)\n\n* envoy: Crash when a redirect url without a state param is received in the oauth filter (CVE-2023-27496)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4623", url: "https://access.redhat.com/errata/RHSA-2023:4623", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2179135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179135", }, { category: "external", summary: "2179138", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179138", }, { category: "external", summary: "2179139", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179139", }, { category: "external", summary: "2182155", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182155", }, { category: "external", summary: "2182156", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182156", }, { category: "external", summary: "2182158", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182158", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4623.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.9 security update", tracking: { current_release_date: "2024-11-23T00:00:55+00:00", generator: { date: "2024-11-23T00:00:55+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:4623", initial_release_date: "2023-08-11T16:46:48+00:00", revision_history: [ { date: "2023-08-11T16:46:48+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-11T16:46:48+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-23T00:00:55+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.2 for RHEL 8", product: { name: "RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.2::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.2.9-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", product: { name: "openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", product_id: "openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", product_identification_helper: { purl: "pkg:oci/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.2.9-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.2.9-1", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.2.9-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", product: { name: "openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", product_id: "openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", product_identification_helper: { purl: "pkg:oci/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.2.9-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.2.9-1", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.2.9-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", product: { name: "openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", product_id: "openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", product_identification_helper: { purl: "pkg:oci/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8&tag=2.2.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.2.9-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.2.9-1", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", }, product_reference: "openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", }, product_reference: "openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", }, product_reference: "openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", relates_to_product_reference: "8Base-RHOSSM-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64 as a component of RHOSSM 2.2 for RHEL 8", product_id: "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", relates_to_product_reference: "8Base-RHOSSM-2.2", }, ], }, vulnerabilities: [ { cve: "CVE-2023-27487", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2179135", }, ], notes: [ { category: "description", text: "A flaw was found in envoy. The header x-envoy-original-path should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header could then be used for trace logs and grpc logs, used in the URL for jwt_authn checks if the jwt_authn filter is used, and any other upstream use of the x-envoy-original-path header.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Client may fake the header `x-envoy-original-path`", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], known_not_affected: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27487", }, { category: "external", summary: "RHBZ#2179135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179135", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27487", url: "https://www.cve.org/CVERecord?id=CVE-2023-27487", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27487", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27487", }, ], release_date: "2023-04-04T19:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-11T16:46:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4623", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: Client may fake the header `x-envoy-original-path`", }, { cve: "CVE-2023-27488", discovery_date: "2023-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182156", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy which could allow an attacker to bypass authentication checks when ext_authz is used by crafting a malicious http header with a non-UTF8 value.", title: "Vulnerability description", }, { category: "summary", text: "envoy: gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], known_not_affected: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27488", }, { category: "external", summary: "RHBZ#2182156", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182156", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27488", url: "https://www.cve.org/CVERecord?id=CVE-2023-27488", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27488", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27488", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph", }, ], release_date: "2023-04-04T19:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-11T16:46:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4623", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received", }, { cve: "CVE-2023-27491", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2179138", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy that may allow attackers to send specially crafted HTTP/2 or HTTP/3 requests to trigger parsing errors on the upstream HTTP/1 service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Envoy forwards invalid HTTP/2 and HTTP/3 downstream", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], known_not_affected: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27491", }, { category: "external", summary: "RHBZ#2179138", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179138", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27491", url: "https://www.cve.org/CVERecord?id=CVE-2023-27491", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27491", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27491", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp", }, ], release_date: "2023-04-04T19:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-11T16:46:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4623", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Envoy forwards invalid HTTP/2 and HTTP/3 downstream", }, { cve: "CVE-2023-27492", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2179139", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy. This issue may allow attackers to send large request bodies for routes that have the Lua filter enabled, which will trigger a crash.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Crash when a large request body is processed in Lua filter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], known_not_affected: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27492", }, { category: "external", summary: "RHBZ#2179139", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179139", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27492", url: "https://www.cve.org/CVERecord?id=CVE-2023-27492", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27492", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27492", }, ], release_date: "2023-04-04T19:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-11T16:46:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4623", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Crash when a large request body is processed in Lua filter", }, { cve: "CVE-2023-27493", discovery_date: "2023-03-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182158", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy. Envoy doesn't escape HTTP header values due to a specifically constructed HTTP request or mTLS connection with a specifically crafted client certificate. Envoy configuration must also include an option to add request headers that were generated using inputs from the request, for example, the peer certificate SAN.", title: "Vulnerability description", }, { category: "summary", text: "envoy: envoy doesn't escape HTTP header values", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], known_not_affected: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27493", }, { category: "external", summary: "RHBZ#2182158", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182158", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27493", url: "https://www.cve.org/CVERecord?id=CVE-2023-27493", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27493", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27493", }, ], release_date: "2023-04-04T19:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-11T16:46:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4623", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: envoy doesn't escape HTTP header values", }, { cve: "CVE-2023-27496", discovery_date: "2023-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182155", }, ], notes: [ { category: "description", text: "A flaw was found in Envoy. If Envoy is running with the OAuth filter enabled, a malicious actor could construct a request which would cause denial of service, crashing Envoy.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Crash when a redirect url without a state param is received in the oauth filter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], known_not_affected: [ "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:1894163c4006a3c8e18cff16f1f8eaea524ab70baa657b4e5f248c6a5ba91353_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:492ab85f14b73f01e03521d6b3aab76a673d31c0032d4a63ae30aed0e1cf1ed8_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:c0c950e26be89b52508a2bf8fdf7df8efd18e58bba2c7ad35940c41cda4176fd_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:72792895a400d9e28f4e12737fc5eadd2d20943026c4c536cbd6508fc823f6a7_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:9820a5e2d80f2c9c69f4d829b63c78bcbfa75ab7b42d7722e13e76db9bd1ecda_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:a0fffc8c8255ebe52475124f72048d54109a92c7f9e1f4256d17c35204b846d9_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:0290aac66c0f89c9faf6c29fee940f8ec3f3c9a0e126307837f9b1cd37efe8c0_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:41bc79c9b2c3af157198b3ba094eea971d8b1f29707ccd40ae4b95e8ecd7774f_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:559ed9613b1ee4717890325c1fd05961756a45a9acd08e8036d2db6780b5dd8d_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:1fac42f4073e9a296a0c16012c41a61f5a6ee0df8500515fbd33a694d29503e2_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:357d027eb44c202d715f53a04246462ce3501646481577164b3735641d707e28_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:51313956891391c4b756365ec2078c13ec9b72d6097d2907361808d478a6fb4c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5b872c6fe3c03528b9ca4bc9c56d5346b695c923f82f477b4574f604fa8f3673_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:5da99f12e7e9ac6562f5480138366a11ed56e81af5bf2956b767357b3fd73e9f_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:efbb8d27ec4cbd31194f00e47e4c8882651d41ea18eb544d6fae016a2395f8ea_amd64", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:2deec3e58640d06553b6fa82efe9e3939d3ae76f99020a9e4840a4a0cc65c091_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:58965678412910c9af83afe9f44efd37d8c99927def07fd429baa25b00919b61_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:66e212367c731d5e7d270778580658e86225a628dcc610a827517c8f18db352a_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27496", }, { category: "external", summary: "RHBZ#2182155", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182155", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27496", url: "https://www.cve.org/CVERecord?id=CVE-2023-27496", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27496", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27496", }, ], release_date: "2023-04-04T19:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-11T16:46:48+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4623", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:29246b072bb2829c8e86b41e7ecdf8e3845d64b9f87247cf81a6088a3d040d3c_ppc64le", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:60036f920ef18e80ed97dadb25e4d6ae2e63f74e04c51e18badf22aae25a7f50_s390x", "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:d8a8d11de42f5105b47b89bf715945825fa496d05aa1fcbcbd230bad2d31d59f_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Crash when a redirect url without a state param is received in the oauth filter", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.