Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header to a response. Per RFC 7230, section 6.7 (https://www.rfc-editor.org/rfc/rfc7230#section-6.7), a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate a protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.
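The status-code check this description turns on, as an added example (a simplified Python model written for this page, not Envoy's code): `lenient_switch` models the described behaviour of treating a 200 that carries an Upgrade header as a protocol switch, and `strict_switch` applies RFC 7230 section 6.7. The function names and the sample responses are constructed for illustration.

```python
# Added example: simplified model of the upgrade decision, not Envoy source.

def parse_response_head(raw: bytes):
    """Return (status_code, headers) from a raw HTTP/1.1 response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/1.") or not parts[1].isdigit():
        raise ValueError("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Reject missing colon, empty name, or whitespace around the name.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        key, value = name.lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return int(parts[1]), headers

def _tokens(value: str):
    """Split a comma-separated header value into lowercase tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def lenient_switch(status, headers):
    """Flawed model: a 200 with an Upgrade header is treated like a 101."""
    return status in (101, 200) and "upgrade" in headers

def strict_switch(status, headers, requested):
    """RFC 7230 6.7: only 101, with Connection: upgrade and the requested protocol."""
    return (status == 101
            and "upgrade" in _tokens(headers.get("connection", ""))
            and requested.lower() in _tokens(headers.get("upgrade", "")))

# Constructed backend responses to a request that asked for "websocket".
SAMPLES = {
    "101_websocket": b"HTTP/1.1 101 Switching Protocols\r\nConnection: Upgrade\r\nUpgrade: websocket\r\n\r\n",
    "200_with_upgrade": b"HTTP/1.1 200 OK\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nContent-Length: 2\r\n\r\nok",
    "200_plain": b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok",
    "101_other_protocol": b"HTTP/1.1 101 Switching Protocols\r\nConnection: Upgrade\r\nUpgrade: h2c\r\n\r\n",
}

def audit(samples, requested="websocket"):
    """Map each sample name to (lenient decision, strict decision)."""
    out = {}
    for name, raw in samples.items():
        status, headers = parse_response_head(raw)
        out[name] = (lenient_switch(status, headers), strict_switch(status, headers, requested))
    return out

if __name__ == "__main__":
    for name, (lenient, strict) in audit(SAMPLES).items():
        print(f"{name:20} lenient={lenient!s:5} strict={strict}")
```

Any row where the two decisions differ is a response on which the proxy and the backend would disagree about whether the connection is still speaking HTTP.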
Fixed in: RHSA-2024:7725 (openshift-service-mesh container images; Rocky and Red Hat / RHEL)
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
Exploitability
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Impact
Confidentiality High
Integrity None
Availability None
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.36% probability of exploitation in 30 days
28th percentile
Low risk: more likely to be exploited than 28% of all known CVEs.
CVE-2024-23326 (https://tridentstack.com/cve/CVE-2024-23326)
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.