307 matches found
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.10
Red Hat OpenShift Service Mesh Containers for 2.5.10 This update has a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.9
Red Hat OpenShift Service Mesh Containers for 2.5.9 This update has a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...
CVE-2022-39388
Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.5
Red Hat OpenShift Service Mesh Containers for 2.6.5 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.8
Red Hat OpenShift Service Mesh Containers for 2.5.8 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.14
Red Hat OpenShift Service Mesh Containers for 2.4.14 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...
CVE-2025-0752
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy...
CVE-2025-0754
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...
CVE-2025-0752
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy...
CVE-2025-0754 Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...
CVE-2025-0754 Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...
CVE-2025-0754
CVE-2025-0754 affects OpenShift Service Mesh 2.6.3 and 2.5.6. The root cause is improper sanitization of HTTP headers by Envoy, specifically the x-forwarded-for header. This can enable attackers to inject payloads into service mesh logs, causing log injection and spoofing; such injections can mis...
CVE-2025-0752 Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy...
CVE-2025-0752
OpenShift Service Mesh (versions 2.5.6 and 2.6.3) is affected by a vulnerability in Envoy related to improper HTTP header sanitization. The underlying issue can enable rate-limiter circumvention, bypass of access controls, and may lead to CPU and memory exhaustion and replay attacks. The CVE desc...
CVE-2025-0752 Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy...
Red Hat OpenShift Service Mesh 安全漏洞
Red Hat OpenShift Service Mesh is a suite of platforms for connecting, managing, and monitoring microservices-based applications from Red Hat USA. A security vulnerability exists in Red Hat OpenShift Service Mesh versions 2.6.3 and 2.5.6, which stems from improper cleanup of x-forwarded-for heade...
PT-2025-4041 · Red Hat · Openshift Service Mesh
Name of the Vulnerable Software and Affected Versions: OpenShift Service Mesh versions 2.5.6 through 2.6.3 Description: The issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject maliciou...
Red Hat OpenShift Service Mesh 环境问题漏洞
Red Hat OpenShift Service Mesh is a suite of platforms for connecting, managing, and monitoring microservices-based applications from Red Hat USA. An environment issue vulnerability exists in Red Hat OpenShift Service Mesh versions 2.6.3 and 2.5.6, which stems from incorrect HTTP header handling ...
PT-2025-4039 · Red Hat · Openshift Service Mesh
Name of the Vulnerable Software and Affected Versions: OpenShift Service Mesh versions 2.5.6 through 2.6.3 Description: A flaw was found in OpenShift Service Mesh due to improper HTTP header sanitization in Envoy. This may lead to rate-limiter avoidance, access-control bypass, CPU and memory...
CVE-2025-0754
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...