RHSA-2022:6277

Description

Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.5 security update

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• redhat•servicemesh

  < 0:2.1.5-1.el8

• redhat•servicemesh-cni

  < 0:2.1.5-1.el8

• redhat•servicemesh-operator

  < 0:2.1.5-1.el8

• redhat•servicemesh-pilot-agent

  < 0:2.1.5-1.el8

• redhat•servicemesh-pilot-discovery

  < 0:2.1.5-1.el8

• redhat•servicemesh-prometheus

  < 0:2.23.0-9.el8

• redhat•servicemesh-proxy

  < 0:2.1.5-1.el8

• redhat•servicemesh-proxy-debuginfo

  < 0:2.1.5-1.el8

• redhat•servicemesh-proxy-debugsource

  < 0:2.1.5-1.el8

• redhat•servicemesh-proxy-wasm

  < 0:2.1.5-1.el8

• redhat•servicemesh-ratelimit

  < 0:2.1.5-1.el8

References (37)

• https://access.redhat.com/errata/RHSA-2022:6277
• https://access.redhat.com/security/updates/classification/#moderate
• https://bugzilla.redhat.com/show_bug.cgi?id=2064857
• https://bugzilla.redhat.com/show_bug.cgi?id=2072009
• https://bugzilla.redhat.com/show_bug.cgi?id=2077688
• https://bugzilla.redhat.com/show_bug.cgi?id=2077689
• https://bugzilla.redhat.com/show_bug.cgi?id=2084085
• https://bugzilla.redhat.com/show_bug.cgi?id=2092793
• https://bugzilla.redhat.com/show_bug.cgi?id=2105075
• https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6277.json
• https://access.redhat.com/security/cve/CVE-2022-24675
• https://www.cve.org/CVERecord?id=CVE-2022-24675
• https://nvd.nist.gov/vuln/detail/CVE-2022-24675
• https://groups.google.com/g/golang-announce/c/oecdBNLOml8
• https://access.redhat.com/security/cve/CVE-2022-24785
• https://www.cve.org/CVERecord?id=CVE-2022-24785
• https://nvd.nist.gov/vuln/detail/CVE-2022-24785
• https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
• https://access.redhat.com/security/cve/CVE-2022-24921
• https://www.cve.org/CVERecord?id=CVE-2022-24921
• https://nvd.nist.gov/vuln/detail/CVE-2022-24921
• https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk
• https://access.redhat.com/security/cve/CVE-2022-28327
• https://www.cve.org/CVERecord?id=CVE-2022-28327
• https://nvd.nist.gov/vuln/detail/CVE-2022-28327
• https://access.redhat.com/security/cve/CVE-2022-29526
• https://www.cve.org/CVERecord?id=CVE-2022-29526
• https://nvd.nist.gov/vuln/detail/CVE-2022-29526
• https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU
• https://access.redhat.com/security/cve/CVE-2022-30629
• https://www.cve.org/CVERecord?id=CVE-2022-30629
• https://nvd.nist.gov/vuln/detail/CVE-2022-30629
• https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg
• https://access.redhat.com/security/cve/CVE-2022-31129
• https://www.cve.org/CVERecord?id=CVE-2022-31129
• https://nvd.nist.gov/vuln/detail/CVE-2022-31129
• https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g