Latest Red Hat OpenShift Service Mesh Vulnerabilities

- Rapid Reset HTTP/2 vulnerability
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
and 556 more
Kiali: error message spoofing in kiali ui
go/github.com/kiali/kiali<1.57.4
Kiali Kiali
Redhat Openshift Service Mesh=2.3.1
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux For Ibm Z Systems=8.0
Redhat Enterprise Linux For Power Little Endian Eus=8.0
and 1 more
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from an...
redhat/servicemesh-operator<2.0.5-3.el8
Redhat Openshift Service Mesh=2.0
Redhat Servicemesh-operator=2.0.5.1
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kial...
Netlify Kiali-operator<1.24.7
Netlify Kiali-operator>=1.30.0<1.33.0
Redhat Openshift Service Mesh=1.0
Redhat Openshift Service Mesh=2.0
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is po...
redhat/istio<1.5.0
Istio Istio<=1.4.9
Redhat Openshift Service Mesh=1.0
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, ...
Grafana Grafana<6.7.5
Grafana Grafana>=7.0.0<7.2.3
Grafana Grafana>=7.3.0<7.3.6
Saml Project Saml<0.4.3
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.0
and 9 more
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT ...
Kiali Kiali>=0.4.0<1.15.1
Redhat Openshift Service Mesh=1.0
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signe...
go/github.com/kiali/kiali<1.15.1
redhat/kiali<1.15.1
Kiali Kiali<1.15.1
Redhat Openshift Service Mesh=1.0
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An atta...
Redhat Openshift Service Mesh<1.0.8
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
redhat/envoy<1.13.1
CNCF Envoy<=1.13.0
Redhat Openshift Service Mesh=1.0.9
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.
redhat/envoy<1.13.1
CNCF Envoy<=1.13.0
Redhat Openshift Service Mesh=1.0
Debian Debian Linux=9.0
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access ...
redhat/istio<1.3.8
redhat/istio<1.4.4
Istio Istio>=1.3<=1.3.7
Istio Istio>=1.4.0<=1.4.3
Redhat Openshift Service Mesh=1.0
Redhat Enterprise Linux=8.0
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, o...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 72 more
Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constr...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 77 more
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data ...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 168 more
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-st...
redhat/rh-nodejs10<0:3.2-3.el7
redhat/rh-nodejs10-nodejs<0:10.16.3-3.el7
redhat/rh-nodejs8<0:3.0-5.el7
redhat/rh-nodejs8-nodejs<0:8.16.1-2.el7
redhat/envoy<1.11.1
redhat/Nodejs<8.16.1
and 45 more
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the ...
redhat/eap7-apache-cxf<0:3.2.10-1.redhat_00001.1.el6ea
redhat/eap7-byte-buddy<0:1.9.11-1.redhat_00002.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-5.SP3_redhat_00003.1.el6ea
redhat/eap7-hal-console<0:3.0.17-2.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.13-1.Final_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.18-1.Final_redhat_00001.1.el6ea
and 141 more
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest t...
redhat/go-toolset<1.11-0:1.11.13-1.el7
redhat/go-toolset<1.11-golang-0:1.11.13-2.el7
redhat/containernetworking-plugins<0:0.8.1-4.el7_7
redhat/eap7-apache-cxf<0:3.2.10-1.redhat_00001.1.el6ea
redhat/eap7-byte-buddy<0:1.9.11-1.redhat_00002.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-5.SP3_redhat_00003.1.el6ea
and 221 more
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the str...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 104 more
A flaw was found in Envoy 1.9.0 and older. When parsing HTTP/1.x header values, Envoy does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values con...
Envoyproxy Envoy<=1.9.0
Redhat Openshift Service Mesh
© 2024 SecAlerts Pty Ltd.