Lucene search
K

307 matches found

RedHat Linux
RedHat Linux
added 2025/04/15 5:24 p.m.18 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.10

Red Hat OpenShift Service Mesh Containers for 2.5.10 This update has a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...

6.1CVSS6.6AI score0.00647EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/02/26 2:58 p.m.13 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.9

Red Hat OpenShift Service Mesh Containers for 2.5.9 This update has a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...

6.1CVSS6.6AI score0.00559EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 7:38 p.m.8 views

CVE-2022-39388

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...

7.6CVSS6.6AI score0.00455EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/02/05 9:4 a.m.15 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.5

Red Hat OpenShift Service Mesh Containers for 2.6.5 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...

7.5CVSS6.7AI score0.00856EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/02/05 8:58 a.m.21 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.8

Red Hat OpenShift Service Mesh Containers for 2.5.8 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...

8.7CVSS6.7AI score0.00856EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/02/05 8:56 a.m.15 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.14

Red Hat OpenShift Service Mesh Containers for 2.4.14 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...

5.3CVSS6.7AI score0.00856EPSS
Exploits0References2
NVD
NVD
added 2025/01/28 10:15 a.m.29 views

CVE-2025-0752

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy...

7.1CVSS0.00396EPSS
Exploits0References2
NVD
NVD
added 2025/01/28 10:15 a.m.28 views

CVE-2025-0754

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...

4.3CVSS0.00253EPSS
Exploits0References2
OSV
OSV
added 2025/01/28 10:15 a.m.4 views

CVE-2025-0752

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy...

7.1CVSS5.7AI score0.00396EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/28 9:37 a.m.13 views

CVE-2025-0754 Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...

4.3CVSS0.00253EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/28 9:37 a.m.9 views

CVE-2025-0754 Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...

4.3CVSS4.8AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2025/01/28 9:37 a.m.61 views

CVE-2025-0754

CVE-2025-0754 affects OpenShift Service Mesh 2.6.3 and 2.5.6. The root cause is improper sanitization of HTTP headers by Envoy, specifically the x-forwarded-for header. This can enable attackers to inject payloads into service mesh logs, causing log injection and spoofing; such injections can mis...

4.3CVSS6.5AI score0.00253EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/28 9:29 a.m.12 views

CVE-2025-0752 Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy...

7.1CVSS0.00396EPSS
Exploits0References2
CVE
CVE
added 2025/01/28 9:29 a.m.70 views

CVE-2025-0752

OpenShift Service Mesh (versions 2.5.6 and 2.6.3) is affected by a vulnerability in Envoy related to improper HTTP header sanitization. The underlying issue can enable rate-limiter circumvention, bypass of access controls, and may lead to CPU and memory exhaustion and replay attacks. The CVE desc...

7.1CVSS7AI score0.00396EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/28 9:29 a.m.8 views

CVE-2025-0752 Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy...

7.1CVSS6.3AI score0.00396EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/28 12:0 a.m.2 views

Red Hat OpenShift Service Mesh 安全漏洞

Red Hat OpenShift Service Mesh is a suite of platforms for connecting, managing, and monitoring microservices-based applications from Red Hat USA. A security vulnerability exists in Red Hat OpenShift Service Mesh versions 2.6.3 and 2.5.6, which stems from improper cleanup of x-forwarded-for heade...

4.3CVSS5.2AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.4 views

PT-2025-4041 · Red Hat · Openshift Service Mesh

Name of the Vulnerable Software and Affected Versions: OpenShift Service Mesh versions 2.5.6 through 2.6.3 Description: The issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject maliciou...

4.3CVSS6.6AI score0.00253EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/01/28 12:0 a.m.4 views

Red Hat OpenShift Service Mesh 环境问题漏洞

Red Hat OpenShift Service Mesh is a suite of platforms for connecting, managing, and monitoring microservices-based applications from Red Hat USA. An environment issue vulnerability exists in Red Hat OpenShift Service Mesh versions 2.6.3 and 2.5.6, which stems from incorrect HTTP header handling ...

6.3CVSS6.6AI score0.00396EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.5 views

PT-2025-4039 · Red Hat · Openshift Service Mesh

Name of the Vulnerable Software and Affected Versions: OpenShift Service Mesh versions 2.5.6 through 2.6.3 Description: A flaw was found in OpenShift Service Mesh due to improper HTTP header sanitization in Envoy. This may lead to rate-limiter avoidance, access-control bypass, CPU and memory...

6.3CVSS6.2AI score0.00396EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/01/27 3:0 p.m.11 views

CVE-2025-0754

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...

4.3CVSS6.2AI score0.00253EPSS
Exploits0References3
Rows per page
Query Builder