Vulnerability Database
Blog
FAQ
Docs
RHSA-2022:1276
See a problem?
Please try reporting it
to the source
first.
Source
https://access.redhat.com/errata/RHSA-2022:1276
Import Source
https://security.access.redhat.com/data/osv/RHSA-2022:1276.json
JSON Data
https://api.osv.dev/v1/vulns/RHSA-2022:1276
Related
CVE-2020-28851
CVE-2020-28852
CVE-2021-29482
CVE-2021-29923
CVE-2021-3121
CVE-2021-36221
CVE-2021-3749
CVE-2021-43565
CVE-2021-43824
CVE-2021-43825
CVE-2021-43826
CVE-2022-21654
CVE-2022-21655
CVE-2022-23606
CVE-2022-23635
CVE-2022-24726
Published
2024-09-30T14:20:27Z
Modified
2024-12-21T10:01:26Z
Severity
9.4 (Critical)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CVSS Calculator
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.0.9 security update
Details
References
https://access.redhat.com/errata/RHSA-2022:1276
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1913333
https://bugzilla.redhat.com/show_bug.cgi?id=1913338
https://bugzilla.redhat.com/show_bug.cgi?id=1921650
https://bugzilla.redhat.com/show_bug.cgi?id=1954368
https://bugzilla.redhat.com/show_bug.cgi?id=1992006
https://bugzilla.redhat.com/show_bug.cgi?id=1995656
https://bugzilla.redhat.com/show_bug.cgi?id=1999784
https://bugzilla.redhat.com/show_bug.cgi?id=2030787
https://bugzilla.redhat.com/show_bug.cgi?id=2050744
https://bugzilla.redhat.com/show_bug.cgi?id=2050746
https://bugzilla.redhat.com/show_bug.cgi?id=2050748
https://bugzilla.redhat.com/show_bug.cgi?id=2050753
https://bugzilla.redhat.com/show_bug.cgi?id=2050757
https://bugzilla.redhat.com/show_bug.cgi?id=2050758
https://bugzilla.redhat.com/show_bug.cgi?id=2057277
https://bugzilla.redhat.com/show_bug.cgi?id=2061638
https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1276.json
https://access.redhat.com/security/cve/CVE-2020-28851
https://www.cve.org/CVERecord?id=CVE-2020-28851
https://nvd.nist.gov/vuln/detail/CVE-2020-28851
https://access.redhat.com/security/cve/CVE-2020-28852
https://www.cve.org/CVERecord?id=CVE-2020-28852
https://nvd.nist.gov/vuln/detail/CVE-2020-28852
https://access.redhat.com/security/cve/CVE-2021-3121
https://www.cve.org/CVERecord?id=CVE-2021-3121
https://nvd.nist.gov/vuln/detail/CVE-2021-3121
https://access.redhat.com/security/cve/CVE-2021-3749
https://www.cve.org/CVERecord?id=CVE-2021-3749
https://nvd.nist.gov/vuln/detail/CVE-2021-3749
https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31
https://access.redhat.com/security/cve/CVE-2021-29482
https://www.cve.org/CVERecord?id=CVE-2021-29482
https://nvd.nist.gov/vuln/detail/CVE-2021-29482
https://access.redhat.com/security/cve/CVE-2021-29923
https://www.cve.org/CVERecord?id=CVE-2021-29923
https://nvd.nist.gov/vuln/detail/CVE-2021-29923
https://sick.codes/sick-2021-016/
https://access.redhat.com/security/cve/CVE-2021-36221
https://www.cve.org/CVERecord?id=CVE-2021-36221
https://nvd.nist.gov/vuln/detail/CVE-2021-36221
https://groups.google.com/g/golang-announce/c/uHACNfXAZqk
https://access.redhat.com/security/cve/CVE-2021-43565
https://www.cve.org/CVERecord?id=CVE-2021-43565
https://nvd.nist.gov/vuln/detail/CVE-2021-43565
https://access.redhat.com/security/cve/CVE-2021-43824
https://www.cve.org/CVERecord?id=CVE-2021-43824
https://nvd.nist.gov/vuln/detail/CVE-2021-43824
https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p
https://access.redhat.com/security/cve/CVE-2021-43825
https://www.cve.org/CVERecord?id=CVE-2021-43825
https://nvd.nist.gov/vuln/detail/CVE-2021-43825
https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh
https://access.redhat.com/security/cve/CVE-2021-43826
https://www.cve.org/CVERecord?id=CVE-2021-43826
https://nvd.nist.gov/vuln/detail/CVE-2021-43826
https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf
https://access.redhat.com/security/cve/CVE-2022-21654
https://www.cve.org/CVERecord?id=CVE-2022-21654
https://nvd.nist.gov/vuln/detail/CVE-2022-21654
https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283
https://access.redhat.com/security/cve/CVE-2022-21655
https://www.cve.org/CVERecord?id=CVE-2022-21655
https://nvd.nist.gov/vuln/detail/CVE-2022-21655
https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg
https://access.redhat.com/security/cve/CVE-2022-23606
https://www.cve.org/CVERecord?id=CVE-2022-23606
https://nvd.nist.gov/vuln/detail/CVE-2022-23606
https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf
https://access.redhat.com/security/cve/CVE-2022-23635
https://www.cve.org/CVERecord?id=CVE-2022-23635
https://nvd.nist.gov/vuln/detail/CVE-2022-23635
https://istio.io/latest/news/security/istio-security-2022-003
https://access.redhat.com/security/cve/CVE-2022-24726
https://www.cve.org/CVERecord?id=CVE-2022-24726
https://nvd.nist.gov/vuln/detail/CVE-2022-24726
https://istio.io/latest/news/security/istio-security-2022-004/
Affected packages
Red Hat:service_mesh:2.0::el8
/
servicemesh
Package
Name
servicemesh
Purl
pkg:rpm/redhat/servicemesh
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.9-3.el8
Red Hat:service_mesh:2.0::el8
/
servicemesh-istioctl
Package
Name
servicemesh-istioctl
Purl
pkg:rpm/redhat/servicemesh-istioctl
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.9-3.el8
Red Hat:service_mesh:2.0::el8
/
servicemesh-mixc
Package
Name
servicemesh-mixc
Purl
pkg:rpm/redhat/servicemesh-mixc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.9-3.el8
Red Hat:service_mesh:2.0::el8
/
servicemesh-mixs
Package
Name
servicemesh-mixs
Purl
pkg:rpm/redhat/servicemesh-mixs
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.9-3.el8
Red Hat:service_mesh:2.0::el8
/
servicemesh-pilot-agent
Package
Name
servicemesh-pilot-agent
Purl
pkg:rpm/redhat/servicemesh-pilot-agent
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.9-3.el8
Red Hat:service_mesh:2.0::el8
/
servicemesh-pilot-discovery
Package
Name
servicemesh-pilot-discovery
Purl
pkg:rpm/redhat/servicemesh-pilot-discovery
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.9-3.el8
Red Hat:service_mesh:2.0::el8
/
kiali
Package
Name
kiali
Purl
pkg:rpm/redhat/kiali
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:v1.24.7.redhat1-1.el8
Red Hat:service_mesh:2.0::el8
/
servicemesh-prometheus
Package
Name
servicemesh-prometheus
Purl
pkg:rpm/redhat/servicemesh-prometheus
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.14.0-16.el8.1
Red Hat:service_mesh:2.0::el8
/
servicemesh-proxy
Package
Name
servicemesh-proxy
Purl
pkg:rpm/redhat/servicemesh-proxy
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.9-3.el8
RHSA-2022:1276 - OSV