CVE-2024-7207

Rejected reason: Duplicate of CVE-2024-45806.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

30 Sep 2024, 19:15

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2024-7207', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=2300352', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf', 'tags': ['Vendor Advisory'], 'source': 'secalert@redhat.com'}
CWE NVD-CWE-noinfo
CWE-20
Summary
  • (es) A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487.
Summary (en) A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487. (en) Rejected reason: Duplicate of CVE-2024-45806.
CPE cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : unknown

25 Sep 2024, 17:51

Type Values Removed Values Added
References () https://access.redhat.com/security/cve/CVE-2024-7207 - () https://access.redhat.com/security/cve/CVE-2024-7207 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2300352 - () https://bugzilla.redhat.com/show_bug.cgi?id=2300352 - Issue Tracking, Third Party Advisory
References () https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf - () https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf - Vendor Advisory
CPE cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Redhat
Redhat openshift Service Mesh
Envoyproxy envoy
Envoyproxy
CVSS v2 : unknown
v3 : 8.2
v2 : unknown
v3 : 9.8

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487.

19 Sep 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-19 23:15

Updated : 2024-09-30 19:15


NVD link : CVE-2024-7207

Mitre link : CVE-2024-7207

CVE.ORG link : CVE-2024-7207


Products Affected

No product.

CWE

No CWE.