Lucene search

K
redhatRedHatRHSA-2024:1946
HistoryApr 22, 2024 - 12:38 p.m.

(RHSA-2024:1946) Moderate: Red Hat OpenShift Service Mesh Containers for 2.5.1 security update

2024-04-2212:38:30
access.redhat.com
10
red hat
openshift
service mesh
istio
security update
cve-2023-26159
cve-2024-24786
cve-2024-28180
cve-2024-28849
cvss score

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.05

Percentile

92.9%

Red Hat OpenShift Service Mesh is Red Hat’s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

Security Fixes:

  • follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)
  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
  • jose-go: improper handling of highly compressed data (CVE-2024-28180)
  • follow-redirects: Possible credential leak (CVE-2024-28849)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.05

Percentile

92.9%