Lucene search
K
RedhatOpenshift Service Mesh

22 matches found

CVE
CVE
added 2019/08/13 8:50 p.m.5798 views

CVE-2019-9513

CVE-2019-9513 (and related HTTP/2 CVEs) affect nginx and nghttp2. The issues enable denial of service via HTTP/2 resource loops and priority/window manipulation, causing high CPU/memory usage. nginx 1.16.x and nghttp2 are specifically named in advisories; remediation is upgrading to fixed package...

7.8CVSS7.7AI score0.82017EPSS
CVE
CVE
added 2019/08/13 8:50 p.m.5316 views

CVE-2019-9517

CVE-2019-9517 describes an attack against some HTTP/2 implementations where unconstrained internal data buffering can cause a denial of service. The vulnerability arises when an attacker floods a connection with a large number of requests for a large response object while manipulating HTTP/2 flow...

7.8CVSS7.7AI score0.27004EPSS
CVE
CVE
added 2023/10/10 12:0 a.m.5301 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wild
CVE
CVE
added 2019/08/13 8:50 p.m.3861 views

CVE-2019-9511

CVE-2019-9511 is an HTTP/2 denial-of-service issue observed in multiple products where an attacker manipulates HTTP/2 window size and stream prioritization to force queuing of data in 1-byte chunks, potentially exhausting CPU/memory. Connected advisories confirm affected components include nginx ...

7.8CVSS6.8AI score0.58373EPSS
CVE
CVE
added 2019/08/13 8:50 p.m.3070 views

CVE-2019-9516

CVE-2019-9516 is an HTTP/2 header leak vulnerability affecting nginx and several Linux distributions. The issue occurs when an attacker sends streams with 0-length header names and values (optionally Huffman encoded), causing nginx to allocate memory for headers that may be kept until the session...

7.5CVSS7.3AI score0.56262EPSS
CVE
CVE
added 2019/08/13 12:0 a.m.864 views

CVE-2019-9514

CVE-2019-9514 corresponds to an HTTP/2 vulnerability where an attacker floods a peer by sending HEADERS frames, causing unbounded memory growth and potential DoS. Public details in connected advisories show affected stacks include Go HTTP/2 implementations and Go-based tools, with remediation via...

7.8CVSS7.9AI score0.82813EPSS
CVE
CVE
added 2019/08/13 8:50 p.m.580 views

CVE-2019-9518

CVE-2019-9518 describes a denial-of-service risk in HTTP/2 where a flood of frames with empty payloads (DATA, HEADERS, CONTINUATION, PUSH_PROMISE) and no end-of-stream flag can exhaust CPU and memory. Connected docs confirm concrete mentions across multiple ecosystems: Cloud Foundry products (emp...

7.8CVSS7.7AI score0.25448EPSS
CVE
CVE
added 2019/08/13 8:50 p.m.555 views

CVE-2019-9515

CVE-2019-9515 concerns an HTTP/2 settings flood that can cause memory/CPU exhaustion. Arista’s security advisory (Security Advisory 0043) states the vulnerability is in Go’s gRPC HTTP/2 usage and can affect TerminAttr, OpenConfig, CVP, and certain Wi‑Fi OpenConfig-enabled components when enabled....

7.8CVSS7.7AI score0.87806EPSS
CVE
CVE
added 2020/12/21 3:16 p.m.331 views

CVE-2020-27846

CVE-2020-27846 is a signature verification vulnerability in crewjam/saml that can allow bypass of SAML authentication. The issue affects Grafana deployments including affected Grafana versions referenced in multiple advisories (e.g., Red Hat RHSA-2021:1859) and is scored with a high/critical impa...

10CVSS9.1AI score0.04872EPSS
CVE
CVE
added 2026/06/17 4:58 p.m.136 views

CVE-2026-47774

CVE-2026-47774 affects Envoy prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1. A vulnerability in HTTP/2 downstream request processing combines two issues: (1) cookie header bytes are not fully accounted for during request header size validation, and (2) HPACK header limits are enforced on e...

7.5CVSS5.8AI score0.00815EPSS
CVE
CVE
added 2020/03/26 11:16 a.m.114 views

CVE-2020-1764

CVE-2020-1764 concerns a hard-coded cryptographic key in Kiali’s default config, affecting all versions

8.6CVSS8.5AI score0.03468EPSS
Web
CVE
CVE
added 2023/09/23 7:0 p.m.113 views

CVE-2022-3962

CVE-2022-3962 affects Kiali and is described as a content spoofing vulnerability. The issue arises because Kiali does not implement proper error handling when the target page or endpoint cannot be found, permitting an attacker to inject arbitrary text via error responses retrieved from the URL. T...

4.3CVSS5.1AI score0.00711EPSS
CVE
CVE
added 2020/04/27 8:41 p.m.112 views

CVE-2020-1762

CVE-2020-1762 affects Kiali versions 0.4.0 to 1.15.0; root cause is insufficient JWT validation. An attacker could steal a valid JWT cookie and use it to spoof a user session, potentially gaining privileges to view and alter Istio configuration. The issue was fixed in Kiali 1.15.1. Remediation is...

8.6CVSS8.3AI score0.01125EPSS
CVE
CVE
added 2020/03/04 8:43 p.m.112 views

CVE-2020-8659

CVE-2020-8659 affects the Envoy proxy used in Photon OS (Envoy package). The vulnerability causes memory exhaustion when proxying HTTP/1.1 requests or responses with many tiny chunks. Photon OS advisories PHSA-2020-1.0-0290 and PHSA-2020-2.0-0229 indicate updates to the envoy package are availabl...

7.5CVSS7.4AI score0.0184EPSS
CVE
CVE
added 2020/03/04 8:48 p.m.107 views

CVE-2020-8661

CVE-2020-8661 affects Envoy (via Red Hat OpenShift Service Mesh 1.0.9 servicemesh-proxy). The Red Hat advisory RHSA-2020:0734 lists CVE-2020-8661 among fixes and describes mitigations for multiple envoy issues; the vulnerability is mapped to excessive CPU/memory use when proxying HTTP/1.1, which ...

7.5CVSS7.8AI score0.01823EPSS
CVE
CVE
added 2021/01/29 6:0 a.m.101 views

CVE-2019-25014

CVE-2019-25014 involves a NULL pointer dereference in Istio’s Istio-pilot component (pkg/proxy/envoy/v2/debug.go getResourceVersion) prior to 1.5.0-alpha.0. A specific HTTP GET to the pilot debug API endpoint can cause the Go runtime to panic, yielding a denial-of-service against istio-pilot. The...

6.5CVSS6.4AI score0.01422EPSS
CVE
CVE
added 2021/06/01 1:31 p.m.86 views

CVE-2021-3495

The CVE-2021-3495 vulnerability is an improper access-control flaw in kiali-operator before version 1.33.0 (and before 1.24.7 for the alternate stream). An attacker with basic cluster access could deploy a specified image to any namespace, potentially accessing privileged service account tokens a...

8.8CVSS8.3AI score0.00969EPSS
CVE
CVE
added 2019/04/25 2:55 p.m.82 views

CVE-2019-9900

Technical details about CVE-2019-9900 are not provided in the connected documents. The initial description notes an issue in Envoy 1.9.0 and earlier with HTTP header parsing, but no public details are included here; monitor for updates.

8.3CVSS8AI score0.03732EPSS
CVE
CVE
added 2022/08/22 2:46 p.m.81 views

CVE-2021-3586

CVE-2021-3586 concerns Red Hat OpenShift Service Mesh (servicemesh-operator). The issue is that NetworkPolicy resources for Maistra do not properly specify ingress ports, potentially allowing access to all ports from any pod, which can impact confidentiality, integrity, and availability. The vuln...

9.8CVSS9.3AI score0.00883EPSS
CVE
CVE
added 2020/02/12 2:10 p.m.77 views

CVE-2020-8595

CVE-2020-8595 affects Istio: authentication bypass via the Authentication Policy exact-path matching logic in Istio versions 1.2.10 (End of Life) and earlier, 1.3.x up to 1.3.7, and 1.4.x up to 1.4.3. An attacker can gain unauthorized access to HTTP paths configured to require a valid JWT by mani...

7.5CVSS7.2AI score0.02606EPSS
CVE
CVE
added 2020/02/17 4:38 p.m.70 views

CVE-2020-1704

CVE-2020-1704 describes an insecure modification vulnerability in the openshift/istio-kialia-rhel7-operator-container of OpenShift Service Mesh (Maistra) prior to 1.0.8. An attacker with container access could modify /etc/passwd to escalate privileges, causing local privilege escalation (privileg...

7.8CVSS7.6AI score0.00275EPSS
CVE
CVE
added 2025/01/28 9:29 a.m.70 views

CVE-2025-0752

OpenShift Service Mesh (versions 2.5.6 and 2.6.3) is affected by a vulnerability in Envoy related to improper HTTP header sanitization. The underlying issue can enable rate-limiter circumvention, bypass of access controls, and may lead to CPU and memory exhaustion and replay attacks. The CVE desc...

7.1CVSS7AI score0.00396EPSS