VDB
RHSA-2023%3A6085
RHSA-2023%3A6085
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le, rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le, rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le |
| Red Hat | rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x, rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x, rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x |
| Red Hat | rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64 as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64, rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64, * |
| Red Hat | rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64 as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64, rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64, rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64 |
| Red Hat | rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x, rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x, rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x |
| Red Hat | rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x, rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x, rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x |
| Red Hat | rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64 as a component of Red Hat OpenShift distributed tracing 2.9 | *, rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64, rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64 |
| Red Hat | rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le, *, * |
| Red Hat | rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9 | *, *, rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le |
| Red Hat | rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le, rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le, * |
| Red Hat | rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64 as a component of Red Hat OpenShift distributed tracing 2.9 | *, rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64, rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64 |
| Red Hat | rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x, rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x, * |
| Red Hat | rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le, rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le, * |
| Red Hat | rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64 as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64, rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64, * |
| Red Hat | rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x as a component of Red Hat OpenShift distributed tracing 2.9 | *, rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x, rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x |
| Red Hat | rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x, *, * |
| Red Hat | rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9 | *, *, rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le |
| Red Hat | rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x as a component of Red Hat OpenShift distributed tracing 2.9 | rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x, rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x, rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x |
| Red Hat | rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64 as a component of Red Hat OpenShift distributed tracing 2.9 | *, *, rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64 |
| Red Hat | rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9 | *, rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le, rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le |
…and 89 more
Timeline
- Oct 24, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2023:6085 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2222167 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2228743 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237773 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237776 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237777 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237778 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6085.json advisory
- https://access.redhat.com/security/cve/CVE-2023-29406 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-29406 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-29406 advisory
- https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 advisory
- https://access.redhat.com/security/cve/CVE-2023-29409 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-29409 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-29409 advisory
- https://go.dev/cl/515257 advisory
…and 38 more