VDB
RHSA-2023%3A5175
RHSA-2023%3A5175
PUBLISHED
CVSS 8.600000381469727 HIGH
A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter's HMAC check.
Risk Scores
CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:8822beb991c8d8b7ba733360d8e706343686d6df38de4d95f3a433f369284672_amd64 |
| Red Hat | openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/grafana-rhel8@sha256:e6d4aec2395061a0150aea26b1fa133099e099676cf28051c9e4b8dd4c27b926_s390x |
| Red Hat | openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/pilot-rhel8@sha256:0b2aeb8ff562627f623f9b29a00d1e163a89924803471209f0d790bfbca7e4bd_s390x |
| Red Hat | openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-cni-rhel8@sha256:b33540a611b745ecca9140a6ee9a44559cae13305ae69622fa02be0dacdbcef9_s390x |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:7adcbcd2b4e0f3110b04d6b2aa26b4bb5537d34347c9789b086cf60a8e6fec6d_ppc64le |
| Red Hat | openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-cni-rhel8@sha256:11fbdefd2219b12aba641714fe01da6b69f6c428ef57b0fd742a0f0ef882c8f5_amd64 |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/prometheus-rhel8@sha256:6b3f1ebc8ec1e1cddf3905db2c23145ba837a215ffd6cb3890768c44a621d110_ppc64le |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:3537df333e12217412256f832558870f7ddcbeb3d12eebe29e055d750d606236_s390x as a component of RHOSSM 2.2 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-must-gather-rhel8@sha256:585bf4f4337af5d4efd81ceae6b278229e5247c8d2bada53f05390d42b5645a8_s390x |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:d08bcf93a05e6ab83e13540cf33e1e3af8dfde533f86f71bde1214cef65f9d44_s390x |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/prometheus-rhel8@sha256:68e30f3e8093278ca0ff00fa774735eef61319fffdc7fa7e0cc5a0d4dd0441d7_amd64 |
| Red Hat | openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/pilot-rhel8@sha256:77afae4c1f7a5019c6688a9634456529f2307b93423b3506c8a876b335d1be46_amd64 |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8@sha256:a3bb7997641228bf14f4c579bdd34087a1881e5a960020f5b09e44cf9fc44ee6_ppc64le |
| Red Hat | openshift-service-mesh/istio-cni-rhel8@sha256:4d1dbe6cb4937733e3713a0f44d9f66141df5163c085d14a89aa03f84aa2859e_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/ratelimit-rhel8@sha256:47b4df20a372ccacf171d16348d0d0f2193b777669225e3032441695bab2489c_ppc64le |
| Red Hat | openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-must-gather-rhel8@sha256:ff85c9b6dd7b0c65b707e29fe46a2f097fd65b4d00de385d7dc202d63070d41d_ppc64le |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8@sha256:eadf195b8411908fd245785cf1ab05dbdf87f1dcc42f279b5a349e595b9b63b0_amd64 |
| Red Hat | openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-must-gather-rhel8@sha256:bc835e64ee52a91a2ae935e204fe7e2eda2a25f36a58d39af3a8ca4b1389683b_amd64 |
| Red Hat | openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/ratelimit-rhel8@sha256:d430dd804fea0ae5df90d2abf55d62b692d35d58690e04178aeb983dfda7dce6_s390x |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:46e931bd7273f6982e485ce1676fb6096a83158f2aa74cea1aee4740d629eb0c_s390x as a component of RHOSSM 2.2 for RHEL 8 | * |
…and 4 more
Timeline
- Sep 14, 2023 CVE Published
- Mar 18, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2023:5175 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2217977 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2217983 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2217985 issue
- https://issues.redhat.com/browse/OSSM-4799 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5175.json advisory
- https://access.redhat.com/security/cve/CVE-2023-35941 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-35941 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-35941 advisory
- https://access.redhat.com/security/cve/CVE-2023-35944 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-35944 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-35944 advisory
- https://access.redhat.com/security/cve/CVE-2023-35945 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-35945 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-35945 advisory
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r advisory