Lucene search
+L

7 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.2 views

SUSE CVE-2022-29226

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current...

10CVSS8.9AI score0.01238EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2022/09/08 12:0 a.m.55 views

istio security update

istio 1.13.7-1 - Added Oracle specific files for 1.13.7-1 olcne 1.4.7-1 - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 1.4.6-2 - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printin...

10CVSS8.3AI score0.02701EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/07/12 12:0 a.m.50 views

Oracle Linux 8 : olcne (ELSA-2022-9588)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9588 advisory. - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 - Address qemu CVE-2022-26353, CVE-2021-3748 Tenabl...

10CVSS6.8AI score0.02701EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2022/06/13 12:34 p.m.83 views

Critical: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 security update

Red Hat OpenShift Service Mesh 2.1.3 has been released. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

10CVSS6.8AI score0.03015EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2022/06/09 7:25 p.m.7 views

CVE-2022-29226 Trivial authentication bypass in Envoy

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current...

10CVSS9.5AI score0.01238EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/06/09 7:25 p.m.23 views

CVE-2022-29226 Trivial authentication bypass in Envoy

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current...

10CVSS9.7AI score0.01238EPSS
Exploits0References2
CVE
CVE
added 2022/06/09 7:25 p.m.111 views

CVE-2022-29226

Envoy proxy vulnerability CVE-2022-29226 affects the OAuth filter prior to v1.22.1, where there is no token validation in the filter, causing access to be granted when any access token is present. A fix is to upgrade Envoy to a version that includes proper access-token validation (v1.22.1 or late...

10CVSS9.4AI score0.01238EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder