Vulnerabilities > Redhat > Openshift Service Mesh

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-09-23 CVE-2022-3962 A content spoofing vulnerability was found in Kiali.
network
low complexity
kiali redhat
4.3
2022-08-22 CVE-2021-3586 Insecure Default Initialization of Resource vulnerability in Redhat Openshift Service Mesh and Servicemesh-Operator
A flaw was found in servicemesh-operator.
network
low complexity
redhat CWE-1188
critical
9.8
2021-06-01 CVE-2021-3495 An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7.
network
low complexity
netlify redhat
8.8
2021-01-29 CVE-2019-25014 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0.
network
low complexity
istio redhat CWE-476
6.5
2020-12-21 CVE-2020-27846 A signature verification vulnerability exists in crewjam/saml.
network
low complexity
grafana saml-project redhat fedoraproject
critical
9.8
2020-04-27 CVE-2020-1762 Session Fixation vulnerability in multiple products
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.
network
low complexity
kiali redhat CWE-384
8.6
2020-03-26 CVE-2020-1764 Use of Hard-coded Credentials vulnerability in multiple products
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1.
network
low complexity
kiali redhat CWE-798
8.6
2020-03-04 CVE-2020-8661 Resource Exhaustion vulnerability in multiple products
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
network
low complexity
cncf redhat CWE-400
7.5
2020-03-04 CVE-2020-8659 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e.
network
low complexity
cncf redhat debian CWE-770
7.5