CVE-2024-7207

Rejected reason: Duplicate of CVE-2024-45806.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

30 Sep 2024, 19:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : unknown
Summary	(es) Se encontró una falla en Envoy. Es posible modificar o manipular encabezados de clientes externos cuando se utilizan rutas de paso para la puerta de enlace de entrada. Este problema podría permitir que un usuario malintencionado falsifique lo que Envoy registra como ruta solicitada y hacer que el proxy de Envoy realice solicitudes a servicios internos únicamente o a sistemas externos arbitrarios. Esta es una regresión de la corrección para CVE-2023-27487.
Summary	(en) A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487.	(en) Rejected reason: Duplicate of CVE-2024-45806.
CPE	cpe:2.3:a:envoyproxy:envoy:::::::: cpe:2.3:a:redhat:openshift_service_mesh:2.0:::::::*
CWE	CWE-20 NVD-CWE-noinfo
References	~~{'url': 'https://access.redhat.com/security/cve/CVE-2024-7207', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=2300352', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf', 'tags': ['Vendor Advisory'], 'source': 'secalert@redhat.com'}~~

25 Sep 2024, 17:51

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.2~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:a:envoyproxy:envoy:::::::: cpe:2.3:a:redhat:openshift_service_mesh:2.0:::::::*
CWE		NVD-CWE-noinfo
First Time		Envoyproxy envoy Redhat Envoyproxy Redhat openshift Service Mesh
References	~~() https://access.redhat.com/security/cve/CVE-2024-7207 -~~	() https://access.redhat.com/security/cve/CVE-2024-7207 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2300352 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2300352 - Issue Tracking, Third Party Advisory
References	~~() https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf -~~	() https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf - Vendor Advisory

20 Sep 2024, 12:30

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en Envoy. Es posible modificar o manipular encabezados de clientes externos cuando se utilizan rutas de paso para la puerta de enlace de entrada. Este problema podría permitir que un usuario malintencionado falsifique lo que Envoy registra como ruta solicitada y hacer que el proxy de Envoy realice solicitudes a servicios internos únicamente o a sistemas externos arbitrarios. Esta es una regresión de la corrección para CVE-2023-27487.

19 Sep 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-19 23:15

Updated : 2024-09-30 19:15

NVD link : CVE-2024-7207

Mitre link : CVE-2024-7207

CVE.ORG link : CVE-2024-7207

JSON object : View

Products Affected

No product.

CWE

No CWE.