VDB
RHSA-2023%3A6115
RHSA-2023%3A6115
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x as a component of 8Base-OADP-1.1 | oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x, oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x, oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x |
| Red Hat | oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le as a component of 8Base-OADP-1.1 | oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le, *, oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le |
| Red Hat | oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 as a component of 8Base-OADP-1.1 | oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64, oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64, oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 |
| Red Hat | oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le as a component of 8Base-OADP-1.1 | oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le, oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le, oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le |
| Red Hat | oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x as a component of 8Base-OADP-1.1 | oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x, oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x, oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x |
| Red Hat | oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x as a component of 8Base-OADP-1.1 | *, *, * |
| Red Hat | oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le as a component of 8Base-OADP-1.1 | oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le, oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le, oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le |
| Red Hat | oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le as a component of 8Base-OADP-1.1 | oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le, oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le, oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le |
| Red Hat | oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 as a component of 8Base-OADP-1.1 | *, *, oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 |
| Red Hat | oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x as a component of 8Base-OADP-1.1 | oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x, oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x, oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x |
| Red Hat | oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 as a component of 8Base-OADP-1.1 | oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64, oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64, oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 |
| Red Hat | oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le as a component of 8Base-OADP-1.1 | oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le, oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le, * |
| Red Hat | oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 as a component of 8Base-OADP-1.1 | oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64, oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64, oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 |
| Red Hat | oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le as a component of 8Base-OADP-1.1 | oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le, *, * |
| Red Hat | oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le as a component of 8Base-OADP-1.1 | oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le, oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le, * |
| Red Hat | oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le as a component of 8Base-OADP-1.1 | *, oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le, oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le |
| Red Hat | oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 as a component of 8Base-OADP-1.1 | oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64, oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64, oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 |
| Red Hat | oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le as a component of 8Base-OADP-1.1 | *, oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le, oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le |
| Red Hat | oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 as a component of 8Base-OADP-1.1 | oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64, oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64, oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 |
| Red Hat | oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x as a component of 8Base-OADP-1.1 | *, oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x, * |
…and 53 more
Timeline
- Oct 25, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2023:6115 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2222167 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2228743 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237773 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237776 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237777 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237778 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6115.json advisory
- https://access.redhat.com/security/cve/CVE-2023-29406 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-29406 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-29406 advisory
- https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 advisory
- https://access.redhat.com/security/cve/CVE-2023-29409 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-29409 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-29409 advisory
- https://go.dev/cl/515257 advisory
…and 38 more