EUVD-2020-3162
Malware in sbrugna...
RHSA-2020:4129 Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.1 servicemesh-proxy security update
Bulletin has no description...
RHSA-2020:2864 Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0 servicemesh-proxy security update
Bulletin has no description...
RHSA-2020:2798 Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.1 servicemesh-proxy security update
Bulletin has no description...
RHSA-2020:0734 Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0.9 servicemesh-proxy security update
Bulletin has no description...
RHSA-2020:0477 Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0.7 servicemesh-proxy security update
Bulletin has no description...
RHSA-2020:2523 Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.1.2 servicemesh-proxy security update
Bulletin has no description...
RHSA-2020:2524 Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0 servicemesh-proxy security update
Bulletin has no description...
Denial Of Service (DoS)
servicemesh-proxy is vulnerable to denial of service. The vulnerability exists due to memory corruption in the continueDecoding function in filter.cc, which allows an attacker to crash the application by providing a malicious input...
Denial Of Service (DoS)
servicemesh-proxy is vulnerable to denial of service. When a cluster is deleted via Cluster Discovery Service (CDS), all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack...
Denial Of Service (DoS)
servicemesh-proxy is vulnerable to denial of service. The vulnerability exists due to a segfault which allows an internal redirect a route configured with direct response which allows an attacker to crash the system...
Denial Of Service (DoS)
servicemesh-proxy is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization which allows an attacker to crash the system via a NULL pointer dereference when using a JWT filter saferegex match via a crafted request...
Denial Of Service (DoS)
servicemesh-proxy is vulnerable to denial of service. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that...
Denial Of Service (DoS)
servicemesh-proxy is vulnerable to denial of service. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final "/admin" path element, or is using a negative assertion with final path element of "/admin". The client sends a request to...
Authorization Bypass
servicemesh-proxy is vulnerable to authorization bypass. It allows specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed...
Privilege Escalation
servicemesh-proxy is vulnerable to privilege escalation. An attacker is able to exploit the vulnerability by crafting an HTTP request that defines a certain pattern of escaped characters in the URI path such as %2F, %2f, %5C or %5c, allowing them to bypass the authorization service...
Denial Of Service (DoS)
servicemesh-proxy is vulnerable to denial of service. A NULL pointer dereference vulnerability in envoyproxy/envoy allows an attacker to crash the application by establishing a TLS session that sends an invalid TLS alert code, resulting in a denial of service...
Denial Of Service (DoS)
servicemesh-proxy is vulnerable to denial of service. An attacker is able to crash the application by sending a malicious packet that specifies a large grpc-timeout, causing envoy to incorrectly calculate the timeouts...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.1 servicemesh-proxy security update
An update for servicemesh-proxy is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...
RHEL 8 : Red Hat OpenShift Service Mesh 1.1 servicemesh-proxy (RHSA-2020:4129)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:4129 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift...