VDB
RHSA-2023%3A5530
RHSA-2023%3A5530
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:2995302941f4c0d5016e49c3a01ca3bc4d80935ce1de70c84a2124e28e290947_arm64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/elasticsearch-proxy-rhel8@sha256:2995302941f4c0d5016e49c3a01ca3bc4d80935ce1de70c84a2124e28e290947_arm64, *, openshift-logging/elasticsearch-proxy-rhel8@sha256:2995302941f4c0d5016e49c3a01ca3bc4d80935ce1de70c84a2124e28e290947_arm64 |
| Red Hat | openshift-logging/cluster-logging-rhel8-operator@sha256:1d6a2bd236f72f3dbb4c2e284cb2ac2554d7d79b416d57ee94b8d158ea3ea807_arm64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/cluster-logging-rhel8-operator@sha256:1d6a2bd236f72f3dbb4c2e284cb2ac2554d7d79b416d57ee94b8d158ea3ea807_arm64, *, * |
| Red Hat | openshift-logging/fluentd-rhel8@sha256:f93ddeb2a52c0aead46bb0bb2af71a68c9a11093617615faadb3b07f45590fa1_amd64 as a component of RHOL 5.7 for RHEL 8 | *, openshift-logging/fluentd-rhel8@sha256:f93ddeb2a52c0aead46bb0bb2af71a68c9a11093617615faadb3b07f45590fa1_amd64, openshift-logging/fluentd-rhel8@sha256:f93ddeb2a52c0aead46bb0bb2af71a68c9a11093617615faadb3b07f45590fa1_amd64 |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:6f64ee3aeedb891cb4b88e90c7569235d8e136cb2a66c7da1bc3ec73a518aa5d_s390x as a component of RHOL 5.7 for RHEL 8 | openshift-logging/elasticsearch-proxy-rhel8@sha256:6f64ee3aeedb891cb4b88e90c7569235d8e136cb2a66c7da1bc3ec73a518aa5d_s390x, openshift-logging/elasticsearch-proxy-rhel8@sha256:6f64ee3aeedb891cb4b88e90c7569235d8e136cb2a66c7da1bc3ec73a518aa5d_s390x, openshift-logging/elasticsearch-proxy-rhel8@sha256:6f64ee3aeedb891cb4b88e90c7569235d8e136cb2a66c7da1bc3ec73a518aa5d_s390x |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:368447ae5216ada4c092c8781d3b847a5d37606d7c4ce430376ed5d3a4384863_amd64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/elasticsearch-rhel8-operator@sha256:368447ae5216ada4c092c8781d3b847a5d37606d7c4ce430376ed5d3a4384863_amd64, openshift-logging/elasticsearch-rhel8-operator@sha256:368447ae5216ada4c092c8781d3b847a5d37606d7c4ce430376ed5d3a4384863_amd64, openshift-logging/elasticsearch-rhel8-operator@sha256:368447ae5216ada4c092c8781d3b847a5d37606d7c4ce430376ed5d3a4384863_amd64 |
| Red Hat | openshift-logging/elasticsearch6-rhel8@sha256:90c408f644a8a853de8338f2d4c1b7ff10877973a98c15868e1e0662da8eca46_s390x as a component of RHOL 5.7 for RHEL 8 | *, openshift-logging/elasticsearch6-rhel8@sha256:90c408f644a8a853de8338f2d4c1b7ff10877973a98c15868e1e0662da8eca46_s390x, openshift-logging/elasticsearch6-rhel8@sha256:90c408f644a8a853de8338f2d4c1b7ff10877973a98c15868e1e0662da8eca46_s390x |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel8@sha256:a91af106ffacd6a620c6b194697516ee3e9f8aa36605873061766d9f0ec35f84_s390x as a component of RHOL 5.7 for RHEL 8 | openshift-logging/log-file-metric-exporter-rhel8@sha256:a91af106ffacd6a620c6b194697516ee3e9f8aa36605873061766d9f0ec35f84_s390x, openshift-logging/log-file-metric-exporter-rhel8@sha256:a91af106ffacd6a620c6b194697516ee3e9f8aa36605873061766d9f0ec35f84_s390x, openshift-logging/log-file-metric-exporter-rhel8@sha256:a91af106ffacd6a620c6b194697516ee3e9f8aa36605873061766d9f0ec35f84_s390x |
| Red Hat | openshift-logging/loki-rhel8-operator@sha256:75d73f70f941e73b41e38d666dc1dbdfb465cb2d182b6f3663d632da5a15feb7_s390x as a component of RHOL 5.7 for RHEL 8 | openshift-logging/loki-rhel8-operator@sha256:75d73f70f941e73b41e38d666dc1dbdfb465cb2d182b6f3663d632da5a15feb7_s390x, openshift-logging/loki-rhel8-operator@sha256:75d73f70f941e73b41e38d666dc1dbdfb465cb2d182b6f3663d632da5a15feb7_s390x, openshift-logging/loki-rhel8-operator@sha256:75d73f70f941e73b41e38d666dc1dbdfb465cb2d182b6f3663d632da5a15feb7_s390x |
| Red Hat | openshift-logging/opa-openshift-rhel8@sha256:cc216b7b979a7b216fa7d4965ad6b1a147405fe95b95eafc0aa47c758f1b16d9_arm64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/opa-openshift-rhel8@sha256:cc216b7b979a7b216fa7d4965ad6b1a147405fe95b95eafc0aa47c758f1b16d9_arm64, *, openshift-logging/opa-openshift-rhel8@sha256:cc216b7b979a7b216fa7d4965ad6b1a147405fe95b95eafc0aa47c758f1b16d9_arm64 |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:640dfbd649bde0c5fed45d5ecaf595e1cf09ffa6d76be3b75751108c0d85bbcb_ppc64le as a component of RHOL 5.7 for RHEL 8 | openshift-logging/elasticsearch-rhel8-operator@sha256:640dfbd649bde0c5fed45d5ecaf595e1cf09ffa6d76be3b75751108c0d85bbcb_ppc64le, openshift-logging/elasticsearch-rhel8-operator@sha256:640dfbd649bde0c5fed45d5ecaf595e1cf09ffa6d76be3b75751108c0d85bbcb_ppc64le, openshift-logging/elasticsearch-rhel8-operator@sha256:640dfbd649bde0c5fed45d5ecaf595e1cf09ffa6d76be3b75751108c0d85bbcb_ppc64le |
| Red Hat | openshift-logging/vector-rhel8@sha256:b5633612eab927c2d65848d0fd4629e692fbd4ea5b7aa9254ddfe6982824c06a_ppc64le as a component of RHOL 5.7 for RHEL 8 | openshift-logging/vector-rhel8@sha256:b5633612eab927c2d65848d0fd4629e692fbd4ea5b7aa9254ddfe6982824c06a_ppc64le, openshift-logging/vector-rhel8@sha256:b5633612eab927c2d65848d0fd4629e692fbd4ea5b7aa9254ddfe6982824c06a_ppc64le, openshift-logging/vector-rhel8@sha256:b5633612eab927c2d65848d0fd4629e692fbd4ea5b7aa9254ddfe6982824c06a_ppc64le |
| Red Hat | openshift-logging/opa-openshift-rhel8@sha256:a99366c13fbb55e96bebe92054c09ac75133023b940df8b80a43d89c8d6db580_s390x as a component of RHOL 5.7 for RHEL 8 | openshift-logging/opa-openshift-rhel8@sha256:a99366c13fbb55e96bebe92054c09ac75133023b940df8b80a43d89c8d6db580_s390x, openshift-logging/opa-openshift-rhel8@sha256:a99366c13fbb55e96bebe92054c09ac75133023b940df8b80a43d89c8d6db580_s390x, openshift-logging/opa-openshift-rhel8@sha256:a99366c13fbb55e96bebe92054c09ac75133023b940df8b80a43d89c8d6db580_s390x |
| Red Hat | openshift-logging/elasticsearch-operator-bundle@sha256:060f8fd11a32cbb6247d7d41e4be1fc71026e9bab9238995b7b2e563fb94e6d7_amd64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/elasticsearch-operator-bundle@sha256:060f8fd11a32cbb6247d7d41e4be1fc71026e9bab9238995b7b2e563fb94e6d7_amd64, *, * |
| Red Hat | openshift-logging/vector-rhel8@sha256:b5633612eab927c2d65848d0fd4629e692fbd4ea5b7aa9254ddfe6982824c06a_ppc64le as a component of RHOL 5.7 for RHEL 8 | openshift-logging/vector-rhel8@sha256:b5633612eab927c2d65848d0fd4629e692fbd4ea5b7aa9254ddfe6982824c06a_ppc64le, *, openshift-logging/vector-rhel8@sha256:b5633612eab927c2d65848d0fd4629e692fbd4ea5b7aa9254ddfe6982824c06a_ppc64le |
| Red Hat | openshift-logging/logging-loki-rhel8@sha256:476a5e47090c24d1f8f5bafaca9b80e5373a2da0f14a7ec6e7254a32440adfdb_ppc64le as a component of RHOL 5.7 for RHEL 8 | openshift-logging/logging-loki-rhel8@sha256:476a5e47090c24d1f8f5bafaca9b80e5373a2da0f14a7ec6e7254a32440adfdb_ppc64le, openshift-logging/logging-loki-rhel8@sha256:476a5e47090c24d1f8f5bafaca9b80e5373a2da0f14a7ec6e7254a32440adfdb_ppc64le, openshift-logging/logging-loki-rhel8@sha256:476a5e47090c24d1f8f5bafaca9b80e5373a2da0f14a7ec6e7254a32440adfdb_ppc64le |
| Red Hat | openshift-logging/elasticsearch6-rhel8@sha256:0fab0830499ef530add912e8022f9d5a09addbf229e62bea989a1d8734e70a33_ppc64le as a component of RHOL 5.7 for RHEL 8 | openshift-logging/elasticsearch6-rhel8@sha256:0fab0830499ef530add912e8022f9d5a09addbf229e62bea989a1d8734e70a33_ppc64le, *, * |
| golang | Go | |
| Red Hat | openshift-logging/loki-rhel8-operator@sha256:c7d2ef7cf71269238bb23db61f08f9d237baa955a18cb394e8d34dc80178cdc5_amd64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/loki-rhel8-operator@sha256:c7d2ef7cf71269238bb23db61f08f9d237baa955a18cb394e8d34dc80178cdc5_amd64, openshift-logging/loki-rhel8-operator@sha256:c7d2ef7cf71269238bb23db61f08f9d237baa955a18cb394e8d34dc80178cdc5_amd64, * |
| Red Hat | openshift-logging/logging-loki-rhel8@sha256:9fe7eba96b742b1a3d55cef2934ce6259be01faf589f0b2ec1bc3b557a833980_amd64 as a component of RHOL 5.7 for RHEL 8 | openshift-logging/logging-loki-rhel8@sha256:9fe7eba96b742b1a3d55cef2934ce6259be01faf589f0b2ec1bc3b557a833980_amd64, openshift-logging/logging-loki-rhel8@sha256:9fe7eba96b742b1a3d55cef2934ce6259be01faf589f0b2ec1bc3b557a833980_amd64, openshift-logging/logging-loki-rhel8@sha256:9fe7eba96b742b1a3d55cef2934ce6259be01faf589f0b2ec1bc3b557a833980_amd64 |
| Red Hat | openshift-logging/elasticsearch6-rhel8@sha256:0fab0830499ef530add912e8022f9d5a09addbf229e62bea989a1d8734e70a33_ppc64le as a component of RHOL 5.7 for RHEL 8 | openshift-logging/elasticsearch6-rhel8@sha256:0fab0830499ef530add912e8022f9d5a09addbf229e62bea989a1d8734e70a33_ppc64le, openshift-logging/elasticsearch6-rhel8@sha256:0fab0830499ef530add912e8022f9d5a09addbf229e62bea989a1d8734e70a33_ppc64le, * |
…and 107 more
Timeline
- Oct 20, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:5530 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2222167 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2228743 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/LOG-4555 advisory
- https://issues.redhat.com/browse/LOG-4569 advisory
- https://issues.redhat.com/browse/LOG-4575 advisory
- https://issues.redhat.com/browse/LOG-4686 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5530.json advisory
- https://access.redhat.com/security/cve/CVE-2023-29406 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-29406 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-29406 advisory
- https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 advisory
- https://access.redhat.com/security/cve/CVE-2023-29409 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-29409 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-29409 advisory
- https://go.dev/cl/515257 advisory
…and 15 more