VDB
RHSA-2022%3A5006
RHSA-2022%3A5006
PUBLISHED
CVSS 9.300000190734863 CRITICAL
A flaw was found in the EventSource NPM Package. The description from the source states the following message: "Exposure of Sensitive Information to an Unauthorized Actor." This flaw allows an attacker to steal the user's credentials and then use the credentials to access the legitimate website.
Risk Scores
CVSS 3.1
9.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x as a component of OpenShift Service Mesh 2.1 | * |
| Red Hat | openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x |
| Red Hat | openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64 as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64 |
| Red Hat | openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le as a component of OpenShift Service Mesh 2.1 | * |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64 as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64 |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le |
| Red Hat | openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x |
| Red Hat | openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64 as a component of OpenShift Service Mesh 2.1 | * |
| Red Hat | openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64 as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64 |
| Red Hat | openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le |
| Red Hat | openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x as a component of OpenShift Service Mesh 2.1 | * |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le |
| Red Hat | openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x as a component of OpenShift Service Mesh 2.1 | * |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le as a component of OpenShift Service Mesh 2.1 | * |
| Red Hat | openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le as a component of OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le |
…and 40 more
Timeline
- Jun 13, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:5006 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2053429 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2072009 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2077688 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2077689 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2085307 issue
- https://issues.redhat.com/browse/OSSM-1609 advisory
- https://issues.redhat.com/browse/OSSM-1617 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5006.json advisory
- https://access.redhat.com/security/cve/CVE-2022-1650 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-1650 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-1650 advisory
- https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e advisory
- https://access.redhat.com/security/cve/CVE-2022-23806 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-23806 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-23806 advisory
- https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ advisory
- https://access.redhat.com/security/cve/CVE-2022-24675 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-24675 advisory
…and 9 more