Bug 2182158 (CVE-2023-27493) - CVE-2023-27493 envoy: envoy doesn't escape HTTP header values
Summary: CVE-2023-27493 envoy: envoy doesn't escape HTTP header values
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-27493
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2178208
TreeView+ depends on / blocked
 
Reported: 2023-03-27 17:45 UTC by Anten Skrabec
Modified: 2023-08-31 05:39 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in Envoy. Envoy doesn't escape HTTP header values due to a specifically constructed HTTP request or mTLS connection with a specifically crafted client certificate. Envoy configuration must also include an option to add request headers that were generated using inputs from the request, for example, the peer certificate SAN.
Clone Of:
Environment:
Last Closed: 2023-08-11 21:15:29 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:4623 0 None None None 2023-08-11 16:48:16 UTC

Description Anten Skrabec 2023-03-27 17:45:37 UTC
A specifically constructed HTTP request or mTLS connection with a specifically crafted client certificate.

Envoy configuration must also include an option to add request headers that were generated using inputs from the request, i.e. the peer certificate SAN.

Comment 5 errata-xmlrpc 2023-08-11 16:48:15 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.2 for RHEL 8

Via RHSA-2023:4623 https://access.redhat.com/errata/RHSA-2023:4623

Comment 6 Product Security DevOps Team 2023-08-11 21:15:28 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-27493


Note You need to log in before you can comment on or make changes to this bug.