VDB
RHSA-2023%3A6161
RHSA-2023%3A6161
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64, *, rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 |
| Red Hat | rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 as a component of 8Base-RHMTC-1.7 | *, *, rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64, *, rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 as a component of 8Base-RHMTC-1.7 | *, rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64, rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 |
| Red Hat | rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64 as a component of 8Base-RHMTC-1.7 | *, rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64, rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64 |
| Red Hat | rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 as a component of 8Base-RHMTC-1.7 | *, rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64, * |
| Red Hat | rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64, rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64, rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64 |
| Red Hat | rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 | |
| Red Hat | rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64 as a component of 8Base-RHMTC-1.7 | *, *, rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64 |
| Red Hat | rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64, rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64, rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 |
| Red Hat | rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64, rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64, rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 |
| Red Hat | rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64, *, rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64 |
| Red Hat | rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64, *, rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 |
| Red Hat | rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 as a component of 8Base-RHMTC-1.7 | *, *, rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 |
| Red Hat | rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 as a component of 8Base-RHMTC-1.7 | *, *, * |
| Red Hat | rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64, rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64, rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64 as a component of 8Base-RHMTC-1.7 | *, rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64, rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64 |
| Red Hat | rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64, rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64, rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 |
| Red Hat | rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64, *, rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64 |
| Red Hat | rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 as a component of 8Base-RHMTC-1.7 | *, *, * |
…and 15 more
Timeline
- Oct 30, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2023:6161 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2222167 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2228743 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237773 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237776 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237777 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237778 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6161.json advisory
- https://access.redhat.com/security/cve/CVE-2023-29406 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-29406 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-29406 advisory
- https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 advisory
- https://access.redhat.com/security/cve/CVE-2023-29409 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-29409 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-29409 advisory
- https://go.dev/cl/515257 advisory
…and 38 more