RHSA-2025%3A3922 — Vulnetix

RHSA-2025%3A3922 PUBLISHED CVSS 5.900000095367432 MEDIUM

A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.

Risk Scores

CVSS 3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

…and 36 more

Exploit Intelligence

yet-another-sort-grype.html (github-poc)

Timeline

Apr 15, 2025 CVE Published
Apr 25, 2026 Distribution Patch
Apr 25, 2026 Distribution Patch
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
May 15, 2026 CVE Updated

References

https://access.redhat.com/errata/RHSA-2025:3922 advisory
https://access.redhat.com/security/updates/classification/#moderate advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2341751 issue
https://bugzilla.redhat.com/show_bug.cgi?id=2344219 issue
https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3922.json advisory
https://access.redhat.com/security/cve/CVE-2024-45336 advisory
https://www.cve.org/CVERecord?id=CVE-2024-45336 advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-45336 advisory
https://github.com/golang/go/issues/70530 advisory
https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI advisory
https://access.redhat.com/security/cve/CVE-2025-22866 advisory
https://www.cve.org/CVERecord?id=CVE-2025-22866 advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-22866 advisory
https://go.dev/cl/643735 advisory
https://go.dev/issue/71383 advisory
https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k advisory
https://pkg.go.dev/vuln/GO-2025-3447 advisory

Open in Interactive Console →

Vendor	Product	Versions
Red Hat	openshift-service-mesh/proxyv2-rhel8@sha256:7e56a2232e872992d9445fd40347c92801d32b215c3ecb73ae9667ff6931108a_s390x as a component of RHOSSM 2.5 for RHEL 8	, , openshift-service-mesh/proxyv2-rhel8@sha256:7e56a2232e872992d9445fd40347c92801d32b215c3ecb73ae9667ff6931108a_s390x
Red Hat	openshift-service-mesh/grafana-rhel8@sha256:4ca2cc3742e64531273fc1b35511fffe352e65a5527ae041c7bf2075f5b29911_arm64 as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/grafana-rhel8@sha256:4ca2cc3742e64531273fc1b35511fffe352e65a5527ae041c7bf2075f5b29911_arm64
Red Hat	openshift-service-mesh/ratelimit-rhel8@sha256:43dd45558fabc8c174a15cfee660494dab76f324472c5a3ac58377c66b212b91_ppc64le as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/ratelimit-rhel8@sha256:43dd45558fabc8c174a15cfee660494dab76f324472c5a3ac58377c66b212b91_ppc64le
Red Hat	openshift-service-mesh/pilot-rhel8@sha256:a88a232308fc41065171f1bc00d2732c3f3f20316017fa9756335d4bef9e0a9d_arm64 as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/pilot-rhel8@sha256:a88a232308fc41065171f1bc00d2732c3f3f20316017fa9756335d4bef9e0a9d_arm64
Red Hat	openshift-service-mesh/ratelimit-rhel8@sha256:43dd45558fabc8c174a15cfee660494dab76f324472c5a3ac58377c66b212b91_ppc64le as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/ratelimit-rhel8@sha256:43dd45558fabc8c174a15cfee660494dab76f324472c5a3ac58377c66b212b91_ppc64le, *, openshift-service-mesh/ratelimit-rhel8@sha256:43dd45558fabc8c174a15cfee660494dab76f324472c5a3ac58377c66b212b91_ppc64le
Red Hat	openshift-service-mesh/kiali-rhel8@sha256:d1915eb9104878a80d8dabe2d94d08fb05ebb2fd8f98eeac5db583c6a8523654_s390x as a component of RHOSSM 2.5 for RHEL 8	*
Red Hat	openshift-service-mesh/grafana-rhel8@sha256:d5dbb543c850a8e1e3906b612726833716f456b62a4011b1f8dab9cd22c59c01_s390x as a component of RHOSSM 2.5 for RHEL 8	, , *
Red Hat	openshift-service-mesh/pilot-rhel8@sha256:0dbfe58c19fed17005e091d3f436c9929eabd9749befa3631848121ddabe011f_amd64 as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/pilot-rhel8@sha256:0dbfe58c19fed17005e091d3f436c9929eabd9749befa3631848121ddabe011f_amd64
Red Hat	openshift-service-mesh/istio-cni-rhel8@sha256:69d4c2058d655572e30311736a9c8d375a106d6bb5aacd79ef7446ab56709563_amd64 as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/istio-cni-rhel8@sha256:69d4c2058d655572e30311736a9c8d375a106d6bb5aacd79ef7446ab56709563_amd64, *, openshift-service-mesh/istio-cni-rhel8@sha256:69d4c2058d655572e30311736a9c8d375a106d6bb5aacd79ef7446ab56709563_amd64
Red Hat	openshift-service-mesh/kiali-ossmc-rhel8@sha256:13dcb4d7d8a4cb0b9d558e5d109ada4edbdd4010d02b684706f5710a141fcc8f_ppc64le as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/kiali-ossmc-rhel8@sha256:13dcb4d7d8a4cb0b9d558e5d109ada4edbdd4010d02b684706f5710a141fcc8f_ppc64le
Red Hat	openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bfcc66f0dcaa577496389ba4a9d768c8d7e2b23dab37e8a654b23e55b4196de_arm64 as a component of RHOSSM 2.5 for RHEL 8	*, openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bfcc66f0dcaa577496389ba4a9d768c8d7e2b23dab37e8a654b23e55b4196de_arm64, openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bfcc66f0dcaa577496389ba4a9d768c8d7e2b23dab37e8a654b23e55b4196de_arm64
Red Hat	openshift-service-mesh/ratelimit-rhel8@sha256:95ffba5e1be1911ebaa7e29b7af35a2fc1f6e42deaf09d28ce5af3663b9179af_arm64 as a component of RHOSSM 2.5 for RHEL 8	*, openshift-service-mesh/ratelimit-rhel8@sha256:95ffba5e1be1911ebaa7e29b7af35a2fc1f6e42deaf09d28ce5af3663b9179af_arm64, openshift-service-mesh/ratelimit-rhel8@sha256:95ffba5e1be1911ebaa7e29b7af35a2fc1f6e42deaf09d28ce5af3663b9179af_arm64
Red Hat	openshift-service-mesh/proxyv2-rhel8@sha256:7e56a2232e872992d9445fd40347c92801d32b215c3ecb73ae9667ff6931108a_s390x as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/proxyv2-rhel8@sha256:7e56a2232e872992d9445fd40347c92801d32b215c3ecb73ae9667ff6931108a_s390x
Red Hat	openshift-service-mesh/istio-cni-rhel8@sha256:3b92a8c34e3a06bdd1434cadbdb841ec1826a1500da693cfe7e8824142370e14_ppc64le as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/istio-cni-rhel8@sha256:3b92a8c34e3a06bdd1434cadbdb841ec1826a1500da693cfe7e8824142370e14_ppc64le, ,
Red Hat	openshift-service-mesh/istio-cni-rhel8@sha256:69d4c2058d655572e30311736a9c8d375a106d6bb5aacd79ef7446ab56709563_amd64 as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/istio-cni-rhel8@sha256:69d4c2058d655572e30311736a9c8d375a106d6bb5aacd79ef7446ab56709563_amd64
Red Hat	openshift-service-mesh/kiali-ossmc-rhel8@sha256:e7631c53bc0aeb4756aec062bc2af6b6dc10d866c527cda043cb29352e912315_amd64 as a component of RHOSSM 2.5 for RHEL 8	, openshift-service-mesh/kiali-ossmc-rhel8@sha256:e7631c53bc0aeb4756aec062bc2af6b6dc10d866c527cda043cb29352e912315_amd64,
Red Hat	openshift-service-mesh/istio-cni-rhel8@sha256:eee7614663e691a38b9aeb9a3d24edaeab8c14aca913c4a4590f879e94c4f149_s390x as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/istio-cni-rhel8@sha256:eee7614663e691a38b9aeb9a3d24edaeab8c14aca913c4a4590f879e94c4f149_s390x, *, openshift-service-mesh/istio-cni-rhel8@sha256:eee7614663e691a38b9aeb9a3d24edaeab8c14aca913c4a4590f879e94c4f149_s390x
Red Hat	openshift-service-mesh/istio-cni-rhel8@sha256:ce581d6ca8b4a780b9725c794cb20e86b944a346babffa2c06189d6b712335f2_arm64 as a component of RHOSSM 2.5 for RHEL 8	, , openshift-service-mesh/istio-cni-rhel8@sha256:ce581d6ca8b4a780b9725c794cb20e86b944a346babffa2c06189d6b712335f2_arm64
Red Hat	openshift-service-mesh/kiali-ossmc-rhel8@sha256:30059f1449c3397fa40946efa91ab009be4d56dda97116e471f62495d94f9446_s390x as a component of RHOSSM 2.5 for RHEL 8	openshift-service-mesh/kiali-ossmc-rhel8@sha256:30059f1449c3397fa40946efa91ab009be4d56dda97116e471f62495d94f9446_s390x
Red Hat	openshift-service-mesh/kiali-rhel8@sha256:f808b2e9c12c0380686af71f5a87b39f611be4a694523d65ca87479a8f105c96_ppc64le as a component of RHOSSM 2.5 for RHEL 8	, , openshift-service-mesh/kiali-rhel8@sha256:f808b2e9c12c0380686af71f5a87b39f611be4a694523d65ca87479a8f105c96_ppc64le