Back to bug 2100563
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2022-06-23 17:37:59 UTC | CC | security-response-team | |
| Guilherme de Almeida Suckevicz | 2022-06-23 17:40:06 UTC | Comment | 0 | updated |
| Guilherme de Almeida Suckevicz | 2022-06-23 17:40:39 UTC | Blocks | 2097484 | |
| Guilherme de Almeida Suckevicz | 2022-06-29 18:27:41 UTC | Summary | EMBARGOED mod_wsgi: Trusted Proxy Headers Removing Bypass | EMBARGOED CVE-2022-2255 mod_wsgi: Trusted Proxy Headers Removing Bypass |
| Alias | CVE-2022-2255 | |||
| Guilherme de Almeida Suckevicz | 2022-06-29 18:28:18 UTC | Blocks | 2102350 | |
| Guilherme de Almeida Suckevicz | 2022-06-29 18:40:28 UTC | CC | jburrell | |
| Guilherme de Almeida Suckevicz | 2022-07-18 17:52:48 UTC | Fixed In Version | mod_wsgi 4.9.3 | |
| Guilherme de Almeida Suckevicz | 2022-07-18 17:54:51 UTC | Depends On | 2108266, 2108267, 2108263, 2108265, 2108268, 2108264 | |
| Guilherme de Almeida Suckevicz | 2022-07-18 17:59:07 UTC | Deadline | 2022-07-18 | |
| Doc Text | A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing. | |||
| Guilherme de Almeida Suckevicz | 2022-07-18 17:59:54 UTC | Group | security, qe_staff | |
| CC | carl, jkaluza, lewk, mrunge, orion | |||
| Summary | EMBARGOED CVE-2022-2255 mod_wsgi: Trusted Proxy Headers Removing Bypass | CVE-2022-2255 mod_wsgi: Trusted Proxy Headers Removing Bypass | ||
| Deadline | 2022-07-18 | |||
| Guilherme de Almeida Suckevicz | 2022-07-18 18:00:11 UTC | Depends On | 2108272, 2108273 | |
| Red Hat Bugzilla | 2023-07-07 08:31:12 UTC | CC | security-response-team | |
| Assignee | security-response-team | nobody |
Back to bug 2100563