Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-22870

Опубликовано: 12 мар. 2025
Источник: redhat
CVSS3: 4.4
EPSS Низкий

Описание

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Assisted Installer for Red Hat OpenShift Container Platform 2rhai-tech-preview/assisted-installer-reporter-rhel8Fix deferred
Assisted Installer for Red Hat OpenShift Container Platform 2rhai-tech-preview/assisted-installer-rhel8Fix deferred
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-controller-rhel9Fix deferred
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-git-cloner-rhel9Fix deferred
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-image-bundler-rhel9Fix deferred
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-image-processing-rhel9Fix deferred
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-shared-resource-rhel9Fix deferred
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-shared-resource-webhook-rhel9Fix deferred
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-waiters-rhel9Fix deferred
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-webhook-rhel9Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2351766golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

EPSS

Процентиль: 1%
0.00012
Низкий

4.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-22870

CVSS3: 4.4
ubuntu
3 месяца назад

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

nvd логотип

CVE-2025-22870

CVSS3: 4.4
nvd
3 месяца назад

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

msrc логотип

CVE-2025-22870

CVSS3: 4.4
msrc
3 месяца назад

Описание отсутствует

debian логотип

CVE-2025-22870

CVSS3: 4.4
debian
3 месяца назад

Matching of hosts against proxy patterns can improperly treat an IPv6 ...

suse-cvrf логотип

SUSE-SU-2025:1055-1

suse-cvrf
3 месяца назад

Security update for skopeo

EPSS

Процентиль: 1%
0.00012
Низкий

4.4 Medium

CVSS3

Уязвимость CVE-2025-22870