First published: Tue Jan 21 2025
The vulnerability arises from insufficient sanitization of HTTP headers within OpenShift Service Mesh, which allows log injection via the x-forwarded-for header. This could result in misleading log entries, potential XSS attacks, and misattribution of request sources. The impact is limited, however, because it primarily affects logging and does not directly lead to remote code execution or privilege escalation.
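As an added illustration (not code from the advisory, Red Hat or the service-mesh project), these are the checks a defender would apply to an X-Forwarded-For value before it reaches a log line: flag CRLF and other control characters, escape the value so it is inert in a log file and in an HTML log viewer, and attribute the client from the right-hand end of the chain rather than the attacker-chosen left-most entry. The sample log lines, the `xff="..."` field layout and the trusted-proxy set are constructed assumptions.

```python
import html
import re
from ipaddress import ip_address
from typing import List, Optional

# Constructed sample access-log lines (not from the advisory); xff="..." echoes
# the X-Forwarded-For value exactly as the client sent it, unsanitised.
SAMPLE_LOGS = [
    'GET /api/orders 200 xff="203.0.113.7, 10.0.0.5"',
    'GET /login 200 xff="198.51.100.9\r\n10.0.0.1 GET /admin 200"',
    'GET /health 200 xff="<script>alert(1)</script>"',
]
XFF_FIELD = re.compile(r'xff="(.*)"$', re.DOTALL)
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")                  # all C0 controls + DEL
OTHER_CONTROL = re.compile(r"[\x00-\x09\x0b\x0c\x0e-\x1f\x7f]")  # controls except CR/LF
HTML_MARKUP = re.compile(r"""[<>"']""")

def classify(value: str) -> List[str]:
    """Name the log-injection indicators present in a raw header value."""
    findings = []
    if "\r" in value or "\n" in value:
        findings.append("crlf")      # can forge an extra, fake log line
    if OTHER_CONTROL.search(value):
        findings.append("control")   # e.g. ESC sequences aimed at terminal viewers
    if HTML_MARKUP.search(value):
        findings.append("markup")    # stored XSS against an HTML log viewer
    return findings

def sanitize(value: str) -> str:
    """Escape a header value so it is inert in a log line and in an HTML viewer."""
    escaped = CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), value)
    return html.escape(escaped, quote=True)

def client_ip(value: str, trusted_proxies: set) -> Optional[str]:
    """Walk the chain right to left; the first hop that is not one of our proxies wins."""
    for hop in reversed([h.strip() for h in value.split(",")]):
        try:
            ip_address(hop)
        except ValueError:
            return None              # not an address at all: attribution unknown
        if hop not in trusted_proxies:
            return hop
    return None

def triage(lines: List[str], trusted_proxies: set) -> List[dict]:
    """Per line carrying an xff field: findings, attributed client, safe form."""
    values = [m.group(1) for m in map(XFF_FIELD.search, lines) if m]
    return [{"findings": classify(v), "client": client_ip(v, trusted_proxies),
             "safe": sanitize(v)} for v in values]
```

Running `triage(SAMPLE_LOGS, {"10.0.0.5"})` attributes the first line to 203.0.113.7, flags the second as a CRLF injection with no trustworthy client address, and flags the third as markup while returning its HTML-escaped form.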
Affected Software | Affected Version | How to fix
---|---|---
Red Hat OpenShift Service Mesh | |
The severity of REDHAT-BUG-2339147 is considered high due to the potential for log injection attacks and the associated risks.
To fix REDHAT-BUG-2339147, apply the latest patches released by Red Hat for OpenShift Service Mesh that address the insufficient sanitization of HTTP headers.
The potential impacts of REDHAT-BUG-2339147 include misleading log entries, exposure to XSS attacks, and misattribution of request sources.
REDHAT-BUG-2339147 affects Red Hat OpenShift Service Mesh.
Yes, REDHAT-BUG-2339147 could lead to data breaches if exploited, because it allows log entries to be manipulated.