6 matches found
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.9 security update
Red Hat OpenShift Service Mesh 2.2.9 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
CVE-2023-27496
A flaw was found in Envoy. If Envoy is running with the OAuth filter enabled, a malicious actor could construct a request which would cause denial of service, crashing Envoy...
CVE-2023-27496 vulnerabilities
Vulnerabilities for packages: envoy...
CVE-2023-27496 vulnerabilities
Vulnerabilities for packages: envoy...
CVE-2023-27496 Envoy may crash when a redirect url without a state param is received in the oauth filter
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a state query param is present on any response that looks like an OAuth redirect response. Sending it a request with t...
CVE-2023-27496
CVE-2023-27496 affects the Envoy proxy. Prior to patch versions (1.26.0, 1.25.3, 1.24.4, 1.23.6, 1.22.9), an OAuth redirect response without the state parameter could cause abnormal termination of the Envoy process when the redirect path is requested. A patch is available in those lines; mitigati...