Описание
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 2 | openshift-service-mesh/proxyv2-rhel8 | Fix deferred | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/proxyv2-rhel9 | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-444
https://bugzilla.redhat.com/show_bug.cgi?id=2339115envoyproxy: OpenShift Service Mesh Envoy HTTP Header Sanitization Bypass Leading to DoS and Unauthorized Access
6.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.3
nvd
11 месяцев назад
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.
CVSS3: 6.3
github
11 месяцев назад
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.
6.3 Medium
CVSS3