Bug 2132868 (CVE-2022-2880) - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
Summary: CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unpa...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-2880
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2138888 2132876 2132877 2133915 2133916 2133917 2133920 2133922 2133923 2133925 2133926 2133927 2134346 2134405 2134406 2134407 2134441 2134442 2134443 2134445 2134446 2134447 2134448 2134449 2134450 2134453 2134454 2134455 2134456 2134457 2134471 2134472 2134473 2134474 2134475 2134476 2134477 2136717 2136718 2136719 2136720 2136721 2136722 2136723 2136835 2136839 2136841 2136843 2136849 2138889
Blocks: 2132475
TreeView+ depends on / blocked
 
Reported: 2022-10-07 04:54 UTC by Avinash Hanwate
Modified: 2024-05-22 11:38 UTC (History)
114 users (show)

Fixed In Version: go 1.19.2, go 1.18.7
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
Clone Of:
Environment:
Last Closed: 2023-05-18 19:42:27 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:7398 0 None None None 2023-01-17 14:51:36 UTC
Red Hat Product Errata RHSA-2022:7399 0 None None None 2023-01-17 19:37:34 UTC
Red Hat Product Errata RHSA-2022:8781 0 None None None 2022-12-08 07:37:59 UTC
Red Hat Product Errata RHSA-2023:0264 0 None None None 2023-01-19 11:04:41 UTC
Red Hat Product Errata RHSA-2023:0328 0 None None None 2023-01-23 15:20:28 UTC
Red Hat Product Errata RHSA-2023:0445 0 None None None 2023-01-25 08:31:04 UTC
Red Hat Product Errata RHSA-2023:0446 0 None None None 2023-01-25 09:16:00 UTC
Red Hat Product Errata RHSA-2023:0542 0 None None None 2023-01-30 17:21:03 UTC
Red Hat Product Errata RHSA-2023:0584 0 None None None 2023-05-18 14:27:58 UTC
Red Hat Product Errata RHSA-2023:0631 0 None None None 2023-02-07 17:24:17 UTC
Red Hat Product Errata RHSA-2023:0693 0 None None None 2023-02-09 02:17:32 UTC
Red Hat Product Errata RHSA-2023:0708 0 None None None 2023-02-09 09:26:10 UTC
Red Hat Product Errata RHSA-2023:0709 0 None None None 2023-02-09 12:05:40 UTC
Red Hat Product Errata RHSA-2023:0727 0 None None None 2023-02-16 14:14:20 UTC
Red Hat Product Errata RHSA-2023:1042 0 None None None 2023-03-06 18:40:53 UTC
Red Hat Product Errata RHSA-2023:1174 0 None None None 2023-03-09 01:25:08 UTC
Red Hat Product Errata RHSA-2023:1275 0 None None None 2023-03-15 19:56:02 UTC
Red Hat Product Errata RHSA-2023:2167 0 None None None 2023-05-09 07:13:50 UTC
Red Hat Product Errata RHSA-2023:2204 0 None None None 2023-05-09 07:17:51 UTC
Red Hat Product Errata RHSA-2023:2357 0 None None None 2023-05-09 07:35:19 UTC
Red Hat Product Errata RHSA-2023:2780 0 None None None 2023-05-16 08:11:54 UTC
Red Hat Product Errata RHSA-2023:2784 0 None None None 2023-05-16 08:12:25 UTC
Red Hat Product Errata RHSA-2023:2866 0 None None None 2023-05-16 08:21:54 UTC
Red Hat Product Errata RHSA-2023:3205 0 None None None 2023-05-18 02:55:33 UTC
Red Hat Product Errata RHSA-2023:3613 0 None None None 2023-06-26 01:16:02 UTC
Red Hat Product Errata RHSA-2023:3642 0 None None None 2023-06-15 16:01:15 UTC
Red Hat Product Errata RHSA-2023:3664 0 None None None 2023-06-19 10:33:08 UTC
Red Hat Product Errata RHSA-2023:3742 0 None None None 2023-06-22 19:52:01 UTC
Red Hat Product Errata RHSA-2023:4003 0 None None None 2023-07-10 08:51:11 UTC
Red Hat Product Errata RHSA-2024:0121 0 None None None 2024-01-10 11:27:52 UTC
Red Hat Product Errata RHSA-2024:2944 0 None None None 2024-05-21 14:07:04 UTC
Red Hat Product Errata RHSA-2024:2988 0 None None None 2024-05-22 09:27:29 UTC
Red Hat Product Errata RHSA-2024:3254 0 None None None 2024-05-22 11:38:04 UTC

Description Avinash Hanwate 2022-10-07 04:54:12 UTC
Requests forwarded by ReverseProxy included the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value.

ReverseProxy will now sanitize the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.

Ref: https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1

Comment 1 Avinash Hanwate 2022-10-07 05:05:31 UTC
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2132876]
Affects: fedora-all [bug 2132877]

Comment 17 errata-xmlrpc 2022-12-08 07:37:53 UTC
This issue has been addressed in the following products:

  RHOL-5.5-RHEL-8

Via RHSA-2022:8781 https://access.redhat.com/errata/RHSA-2022:8781

Comment 36 errata-xmlrpc 2023-01-17 14:51:30 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2022:7398 https://access.redhat.com/errata/RHSA-2022:7398

Comment 37 errata-xmlrpc 2023-01-17 19:37:28 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2022:7399 https://access.redhat.com/errata/RHSA-2022:7399

Comment 38 errata-xmlrpc 2023-01-19 11:04:36 UTC
This issue has been addressed in the following products:

  RHOL-5.6-RHEL-8

Via RHSA-2023:0264 https://access.redhat.com/errata/RHSA-2023:0264

Comment 42 errata-xmlrpc 2023-01-23 15:20:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0328 https://access.redhat.com/errata/RHSA-2023:0328

Comment 43 errata-xmlrpc 2023-01-25 08:31:00 UTC
This issue has been addressed in the following products:

  Red Hat Developer Tools

Via RHSA-2023:0445 https://access.redhat.com/errata/RHSA-2023:0445

Comment 44 errata-xmlrpc 2023-01-25 09:15:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0446 https://access.redhat.com/errata/RHSA-2023:0446

Comment 45 errata-xmlrpc 2023-01-30 17:20:58 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.3 for RHEL 8

Via RHSA-2023:0542 https://access.redhat.com/errata/RHSA-2023:0542

Comment 53 errata-xmlrpc 2023-02-07 17:24:12 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8

Via RHSA-2023:0631 https://access.redhat.com/errata/RHSA-2023:0631

Comment 55 errata-xmlrpc 2023-02-09 02:17:27 UTC
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2023:0693 https://access.redhat.com/errata/RHSA-2023:0693

Comment 56 errata-xmlrpc 2023-02-09 09:26:06 UTC
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2023:0708 https://access.redhat.com/errata/RHSA-2023:0708

Comment 57 errata-xmlrpc 2023-02-09 12:05:36 UTC
This issue has been addressed in the following products:

  RHOSS-1.27-RHEL-8

Via RHSA-2023:0709 https://access.redhat.com/errata/RHSA-2023:0709

Comment 58 errata-xmlrpc 2023-02-16 14:14:15 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:0727 https://access.redhat.com/errata/RHSA-2023:0727

Comment 60 errata-xmlrpc 2023-03-06 18:40:47 UTC
This issue has been addressed in the following products:

  OpenShift Custom Metrics Autoscaler 2

Via RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042

Comment 61 errata-xmlrpc 2023-03-09 01:25:02 UTC
This issue has been addressed in the following products:

  OADP-1.1-RHEL-8

Via RHSA-2023:1174 https://access.redhat.com/errata/RHSA-2023:1174

Comment 64 errata-xmlrpc 2023-03-15 19:55:58 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1
  Red Hat OpenStack Platform 16.2

Via RHSA-2023:1275 https://access.redhat.com/errata/RHSA-2023:1275

Comment 65 errata-xmlrpc 2023-05-09 07:13:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2167 https://access.redhat.com/errata/RHSA-2023:2167

Comment 66 errata-xmlrpc 2023-05-09 07:17:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2204 https://access.redhat.com/errata/RHSA-2023:2204

Comment 67 errata-xmlrpc 2023-05-09 07:35:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2357 https://access.redhat.com/errata/RHSA-2023:2357

Comment 70 errata-xmlrpc 2023-05-16 08:11:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2780 https://access.redhat.com/errata/RHSA-2023:2780

Comment 71 errata-xmlrpc 2023-05-16 08:12:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2784 https://access.redhat.com/errata/RHSA-2023:2784

Comment 72 errata-xmlrpc 2023-05-16 08:21:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2866 https://access.redhat.com/errata/RHSA-2023:2866

Comment 74 errata-xmlrpc 2023-05-18 02:55:28 UTC
This issue has been addressed in the following products:

  RHEL-9-CNV-4.13

Via RHSA-2023:3205 https://access.redhat.com/errata/RHSA-2023:3205

Comment 75 errata-xmlrpc 2023-05-18 14:27:53 UTC
This issue has been addressed in the following products:

  OSSO-1.1-RHEL-8

Via RHSA-2023:0584 https://access.redhat.com/errata/RHSA-2023:0584

Comment 76 Product Security DevOps Team 2023-05-18 19:42:22 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2880

Comment 77 errata-xmlrpc 2023-06-15 16:01:08 UTC
This issue has been addressed in the following products:

  Red Hat Ceph Storage 6.1

Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642

Comment 79 errata-xmlrpc 2023-06-19 10:33:02 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.11

Via RHSA-2023:3664 https://access.redhat.com/errata/RHSA-2023:3664

Comment 80 errata-xmlrpc 2023-06-22 19:51:56 UTC
This issue has been addressed in the following products:

  RHODF-4.13-RHEL-9

Via RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742

Comment 81 errata-xmlrpc 2023-06-26 01:15:56 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:3613 https://access.redhat.com/errata/RHSA-2023:3613

Comment 82 errata-xmlrpc 2023-07-10 08:51:06 UTC
This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 8
  Service Interconnect 1 for RHEL 9

Via RHSA-2023:4003 https://access.redhat.com/errata/RHSA-2023:4003

Comment 84 errata-xmlrpc 2024-01-10 11:27:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0121 https://access.redhat.com/errata/RHSA-2024:0121

Comment 87 errata-xmlrpc 2024-05-21 14:06:55 UTC
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2024:2944 https://access.redhat.com/errata/RHSA-2024:2944

Comment 88 errata-xmlrpc 2024-05-22 09:27:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:2988 https://access.redhat.com/errata/RHSA-2024:2988

Comment 89 errata-xmlrpc 2024-05-22 11:37:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3254 https://access.redhat.com/errata/RHSA-2024:3254


Note You need to log in before you can comment on or make changes to this bug.