Bug ID 1196421
Summary VUL-0: CVE-2022-21654: envoy-proxy: Incorrect configuration handling allows mTLS session re-use without re-validation
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.3
Hardware Other
URL https://smash.suse.de/issue/324517/
OS Other
Status NEW
Severity Major
Priority P5 - None
Component Security
Assignee dmueller@suse.com
Reporter carlos.lopez@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker ---

rh#2050753

Incorrect configuration handling allows mTLS session re-use without
re-validation after validation settings have changed.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2050753
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21654
https://github.com/envoyproxy/envoy/commit/e9f936d85dc1edc34fabd0a1725ec180f2316353
https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283
http://www.cvedetails.com/cve/CVE-2022-21654/


You are receiving this mail because: