{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7207", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "REJECTED", "assignerShortName": "redhat", "dateReserved": "2024-07-29T12:34:41.016Z", "datePublished": "2024-09-19T22:17:51.582Z", "dateUpdated": "2024-09-30T19:03:20.448Z", "dateRejected": "2024-09-30T19:03:20.448Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "Duplicate of CVE-2024-45806."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-30T19:03:20.448Z"}}}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7207", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "REJECTED", "assignerShortName": "redhat", "dateReserved": "2024-07-29T12:34:41.016Z", "datePublished": "2024-09-19T22:17:51.582Z", "dateUpdated": "2024-09-30T19:03:20.448Z", "dateRejected": "2024-09-30T19:03:20.448Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "Duplicate of CVE-2024-45806."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-30T19:03:20.448Z"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: Duplicate of CVE-2024-45806."}], "id": "CVE-2024-7207", "lastModified": "2024-09-30T19:15:04.540", "metrics": {}, "published": "2024-09-19T23:15:12.337", "references": [], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Rejected"}

{"acknowledgement": "This issue was discovered by James Force (Red Hat) and Mike Whale.", "bugzilla": {"description": "envoy: Server-side request forgery via HTTP header manipulation", "id": "2300352", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300352"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-7207", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Will not fix", "package_name": "openshift-service-mesh/proxyv2-rhel8", "product_name": "OpenShift Service Mesh 2"}], "public_date": "2024-09-19T15:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-7207\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7207\nhttps://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf"], "statement": "This flaw has been REJECTED and is a duplicate of CVE-2024-45806. As such, the information on this page may be outdated or invalid.", "threat_severity": "Important"}