Back to bug 2182158
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Anten Skrabec | 2023-03-27 17:45:37 UTC | CC | security-response-team | |
| Paige Jung | 2023-03-27 17:53:03 UTC | Doc Text | A specifically constructed HTTP request or mTLS connection with a specifically crafted client certificate. Envoy configuration must also include an option to add request headers that were generated using inputs from the request, i.e. the peer certificate SAN. | A flaw was found in Envoy. Envoy doesn't escape HTTP header values due to a specifically constructed HTTP request or mTLS connection with a specifically crafted client certificate. Envoy configuration must also include an option to add request headers that were generated using inputs from the request, for example, the peer certificate SAN. |
| Pedro Sampaio | 2023-04-05 12:07:37 UTC | Summary | EMBARGOED CVE-2023-27493 envoy: envoy doesn't escape HTTP header values | CVE-2023-27493 envoy: envoy doesn't escape HTTP header values |
| | | Group | qe_staff, security | |
| | | Deadline | 2023-04-04 | |
| Red Hat Bugzilla | 2023-07-07 08:28:10 UTC | Assignee | security-response-team | nobody |
| | | CC | security-response-team | |
| errata-xmlrpc | 2023-08-11 16:48:16 UTC | Link ID | Red Hat Product Errata RHSA-2023:4623 | |
| Product Security DevOps Team | 2023-08-11 21:15:29 UTC | Resolution | --- | ERRATA |
| | | Status | NEW | CLOSED |
| | | Last Closed | 2023-08-11 21:15:29 UTC | |