Hide Forgot
When httputil.ReverseProxy.ServeHTTP was called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation. In the more usual case where a Director function set the X-Forwarded-For header value to nil, ReverseProxy would leave the header unmodified as expected.
Created golang tracking bugs for this issue: Affects: fedora-all [bug 2107384]
Created golang tracking bugs for this issue: Affects: epel-all [bug 2110286]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5775 https://access.redhat.com/errata/RHSA-2022:5775
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5799 https://access.redhat.com/errata/RHSA-2022:5799
This issue has been addressed in the following products: Red Hat Developer Tools Via RHSA-2022:5866 https://access.redhat.com/errata/RHSA-2022:5866
This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2022:6042 https://access.redhat.com/errata/RHSA-2022:6042
This issue has been addressed in the following products: Openshift Serveless 1.24 Via RHSA-2022:6040 https://access.redhat.com/errata/RHSA-2022:6040
This issue has been addressed in the following products: Application Interconnect 1 for RHEL 8 Via RHSA-2022:6113 https://access.redhat.com/errata/RHSA-2022:6113
This issue has been addressed in the following products: Node Maintenance Operator 4.11 for RHEL 8 Via RHSA-2022:6188 https://access.redhat.com/errata/RHSA-2022:6188
This issue has been addressed in the following products: OSSO-1.1-RHEL-8 Via RHSA-2022:6152 https://access.redhat.com/errata/RHSA-2022:6152
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2022:6347 https://access.redhat.com/errata/RHSA-2022:6347
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2022:6346 https://access.redhat.com/errata/RHSA-2022:6346
This issue has been addressed in the following products: Logging subsystem for Red Hat OpenShift 5.4 Via RHSA-2022:6183 https://access.redhat.com/errata/RHSA-2022:6183
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8 Via RHSA-2022:6348 https://access.redhat.com/errata/RHSA-2022:6348
This issue has been addressed in the following products: multicluster engine for Kubernetes 2.1 for RHEL 8 Via RHSA-2022:6345 https://access.redhat.com/errata/RHSA-2022:6345
This issue has been addressed in the following products: RHOL-5.5-RHEL-8 Via RHSA-2022:6344 https://access.redhat.com/errata/RHSA-2022:6344
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2022:6370 https://access.redhat.com/errata/RHSA-2022:6370
This issue has been addressed in the following products: OADP-1.0-RHEL-8 Via RHSA-2022:6430 https://access.redhat.com/errata/RHSA-2022:6430
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7129 https://access.redhat.com/errata/RHSA-2022:7129
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7519 https://access.redhat.com/errata/RHSA-2022:7519
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7529 https://access.redhat.com/errata/RHSA-2022:7529
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7648 https://access.redhat.com/errata/RHSA-2022:7648
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8057 https://access.redhat.com/errata/RHSA-2022:8057
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8250 https://access.redhat.com/errata/RHSA-2022:8250
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Ironic content for Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:8626 https://access.redhat.com/errata/RHSA-2022:8626
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2022:9047 https://access.redhat.com/errata/RHSA-2022:9047
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2022:7398 https://access.redhat.com/errata/RHSA-2022:7398
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2022:7399 https://access.redhat.com/errata/RHSA-2022:7399
This issue has been addressed in the following products: RHEL-8-CNV-4.12 RHEL-7-CNV-4.12 Via RHSA-2023:0407 https://access.redhat.com/errata/RHSA-2023:0407
This issue has been addressed in the following products: RHEL-8-CNV-4.12 Via RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408
This issue has been addressed in the following products: OpenShift Custom Metrics Autoscaler 2 Via RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Red Hat OpenStack Platform 16.2 Via RHSA-2023:1275 https://access.redhat.com/errata/RHSA-2023:1275
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2357 https://access.redhat.com/errata/RHSA-2023:2357
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2802 https://access.redhat.com/errata/RHSA-2023:2802
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-32148