Lucene search
K

5 matches found

NVD
NVD
added 2025/01/28 10:15 a.m.29 views

CVE-2025-0754

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...

4.3CVSS0.00253EPSS
Exploits0References2
Circl
Circl
added 2025/01/28 9:39 a.m.7 views

CVE-2025-0754

creationtimestamp| type| source ---|---|--- 2025-01-28 09:39:42+00:00| seen| https://infosec.exchange/users/cve/statuses/113905315484441568 2025-01-28 10:15:46+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgs7wy2a6k2i 2025-01-28 12:56:14+00:00| seen|...

4.3CVSS5.8AI score0.00253EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/01/28 9:37 a.m.14 views

CVE-2025-0754 Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...

4.3CVSS0.00253EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/28 9:37 a.m.9 views

CVE-2025-0754 Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...

4.3CVSS4.8AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2025/01/28 9:37 a.m.61 views

CVE-2025-0754

CVE-2025-0754 affects OpenShift Service Mesh 2.6.3 and 2.5.6. The root cause is improper sanitization of HTTP headers by Envoy, specifically the x-forwarded-for header. This can enable attackers to inject payloads into service mesh logs, causing log injection and spoofing; such injections can mis...

4.3CVSS6.5AI score0.00253EPSS
Exploits0References2
Rows per page
Query Builder