SB2024100826 - Multiple vulnerabilities in OpenShift Service Mesh 2.6
Published: October 8, 2024 Updated: September 5, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 21 secuirty vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2024-43799)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "SendStream.redirect()" function. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Cross-site scripting (CVE-ID: CVE-2024-43800)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
3) Cross-site scripting (CVE-ID: CVE-2024-43796)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in response.redirect() method. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
4) Inefficient regular expression complexity (CVE-ID: CVE-2024-45296)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
5) Cross-site scripting (CVE-ID: CVE-2024-43788)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in AutoPublicPathRuntimeModule. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) Asymmetric Resource Consumption (Amplification) (CVE-ID: CVE-2024-45590)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of a large number of requests when url encoding is enabled. A remote attacker can send multiple requests to the server and perform a denial of service (DoS) attack.
7) Improper Output Neutralization for Logs (CVE-ID: CVE-2024-45808)
The vulnerability allows a remote attacker to inject arbitrary content into the log files.
The vulnerability exists due to insufficient validation of the REQUESTED_SERVER_NAME field. A remote attacker can inject unexpected content into access logs.
8) Input validation error (CVE-ID: CVE-2024-45806)
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to software considers all RFC1918 private address ranges as internal. A remote attacker can manipulate Envoy headers and gain unauthorized access or perform other malicious actions within the mesh.
9) Resource management error (CVE-ID: CVE-2024-45810)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the HTTP async client when handling sendLocalReply in WebSocket upgrade requests. A remote attacker can perform a denial of service (DoS) attack.
10) Out-of-bounds read (CVE-ID: CVE-2024-7264)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the ASN1 parser code in the GTime2str() function. A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the system.
11) Missing Release of Resource after Effective Lifetime (CVE-ID: CVE-2024-2398)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when sending HTTP/2 server push responses with an overly large number of headers. A remote attacker can send PUSH_PROMISE frames with an excessive amount of headers to the application, trigger memory leak and perform a denial of service (DoS) attack.
12) Incorrect provision of specified functionality (CVE-ID: CVE-2024-4032)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists within the "ipaddress" module that contains incorrect information and private and public IP addresses for IPv4 and IPv6 protocols. This affects the is_private and is_global properties of the
ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and
ipaddress.IPv6Network classes. A remote attacker can bypass implemented security restrictions based on IP addresses or perform other actions, depending on the application's capabilities.
13) Incorrect Regular Expression (CVE-ID: CVE-2024-6232)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of .tar archives when processing it with regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
14) Code Injection (CVE-ID: CVE-2024-6345)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing URL in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.
15) Command Injection (CVE-ID: CVE-2024-6923)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient validation of newlines for email headers when
serializing an email message. A remote attacker can inject arbitrary headers into serialized email messages.
16) Insufficient verification of data authenticity (CVE-ID: CVE-2024-30203)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to Gnus treats inline MIME contents as trusted. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.17) Insufficient verification of data authenticity (CVE-ID: CVE-2024-30205)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to Emacs in Org mode considers contents of remote files to be trusted. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.
18) Use of Potentially Dangerous Function (CVE-ID: CVE-2024-39331)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function. A remote attacker can execute arbitrary OS commands on the system.
19) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2024-45490)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in xmlparse.c when handling negative length for XML_ParseBuffer. A remote attacker can pass specially crafted input to the application, trigger buffer underflow and execute arbitrary code on the system.
20) Integer overflow (CVE-ID: CVE-2024-45491)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the dtdCopy() function in xmlparse.c. A remote attacker can pass specially crafted input to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Integer overflow (CVE-ID: CVE-2024-45492)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the nextScaffoldPart() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.