5 matches found
CVE-2025-0754
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...
CVE-2025-0754
creationtimestamp| type| source ---|---|--- 2025-01-28 09:39:42+00:00| seen| https://infosec.exchange/users/cve/statuses/113905315484441568 2025-01-28 10:15:46+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgs7wy2a6k2i 2025-01-28 12:56:14+00:00| seen|...
CVE-2025-0754 Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...
CVE-2025-0754 Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...
CVE-2025-0754
CVE-2025-0754 affects OpenShift Service Mesh 2.6.3 and 2.5.6. The root cause is improper sanitization of HTTP headers by Envoy, specifically the x-forwarded-for header. This can enable attackers to inject payloads into service mesh logs, causing log injection and spoofing; such injections can mis...