From 8ee897a91d72269e24b1da5e3b49d487bc1456b1 Mon Sep 17 00:00:00 2001 From: jacob-delgado Date: Wed, 5 Apr 2023 19:55:49 -0600 Subject: [PATCH] Put links to github security advisories (#13012) * Put links to github security advisories * Fix linting issues --- .../1.15.x/announcing-1.15.7/index.md | 24 +++++++++---------- .../1.16.x/announcing-1.16.4/index.md | 24 +++++++++---------- .../1.17.x/announcing-1.17.2/index.md | 24 +++++++++---------- .../security/istio-security-2023-001/index.md | 12 +++++----- 4 files changed, 42 insertions(+), 42 deletions(-) diff --git a/content/en/news/releases/1.15.x/announcing-1.15.7/index.md b/content/en/news/releases/1.15.x/announcing-1.15.7/index.md index 8fff88999f..75a7b52aff 100644 --- a/content/en/news/releases/1.15.x/announcing-1.15.7/index.md +++ b/content/en/news/releases/1.15.x/announcing-1.15.7/index.md 
@@ -14,23 +14,23 @@ This release note describes what’s different between Istio 1.15.6 and 1.15.7. ## Security update -- __CVE-2023-27487__: - (CVSS Score 8.2, High): Client may fake the header `x-envoy-original-path`. +- __[CVE-2023-27487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g)__: (CVSS Score 8.2, High): +Client may fake the header `x-envoy-original-path`. -- __CVE-2023-27488__: - (CVSS Score 5.4, Moderate): gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. +- __[CVE-2023-27488](https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph)__: (CVSS Score 5.4, Moderate): +gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. -- __CVE-2023-27491__: - (CVSS Score 5.4, Moderate): Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers. +- __[CVE-2023-27491](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp)__: (CVSS Score 5.4, Moderate): +Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers. -- __CVE-2023-27492__: - (CVSS Score 4.8, Moderate): Crash when a large request body is processed in Lua filter. +- __[CVE-2023-27492](https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2)__: (CVSS Score 4.8, Moderate): +Crash when a large request body is processed in Lua filter. -- __CVE-2023-27493__: - (CVSS Score 8.1, High): Envoy doesn't escape HTTP header values. +- __[CVE-2023-27493](https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q)__: (CVSS Score 8.1, High): +Envoy doesn't escape HTTP header values. -- __CVE-2023-27496__: - (CVSS Score 6.5, Moderate): Crash when a redirect url without a state parameter is received in the OAuth filter. +- __[CVE-2023-27496](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5)__: (CVSS Score 6.5, Moderate): +Crash when a redirect url without a state parameter is received in the OAuth filter. ## Changes 
diff --git a/content/en/news/releases/1.16.x/announcing-1.16.4/index.md b/content/en/news/releases/1.16.x/announcing-1.16.4/index.md index 551730cd84..0804ee3bc4 100644 --- a/content/en/news/releases/1.16.x/announcing-1.16.4/index.md +++ b/content/en/news/releases/1.16.x/announcing-1.16.4/index.md 
@@ -14,23 +14,23 @@ This release note describes what’s different between Istio 1.16.3 and 1.16.4. ## Security update -- __CVE-2023-27487__: - (CVSS Score 8.2, High): Client may fake the header `x-envoy-original-path`. +- __[CVE-2023-27487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g)__: (CVSS Score 8.2, High): +Client may fake the header `x-envoy-original-path`. -- __CVE-2023-27488__: - (CVSS Score 5.4, Moderate): gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. +- __[CVE-2023-27488](https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph)__: (CVSS Score 5.4, Moderate): +gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. -- __CVE-2023-27491__: - (CVSS Score 5.4, Moderate): Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers. +- __[CVE-2023-27491](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp)__: (CVSS Score 5.4, Moderate): +Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers. -- __CVE-2023-27492__: - (CVSS Score 4.8, Moderate): Crash when a large request body is processed in Lua filter. +- __[CVE-2023-27492](https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2)__: (CVSS Score 4.8, Moderate): +Crash when a large request body is processed in Lua filter. -- __CVE-2023-27493__: - (CVSS Score 8.1, High): Envoy doesn't escape HTTP header values. +- __[CVE-2023-27493](https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q)__: (CVSS Score 8.1, High): +Envoy doesn't escape HTTP header values. -- __CVE-2023-27496__: - (CVSS Score 6.5, Moderate): Crash when a redirect url without a state parameter is received in the OAuth filter. +- __[CVE-2023-27496](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5)__: (CVSS Score 6.5, Moderate): +Crash when a redirect url without a state parameter is received in the OAuth filter. # Changes 
diff --git a/content/en/news/releases/1.17.x/announcing-1.17.2/index.md b/content/en/news/releases/1.17.x/announcing-1.17.2/index.md index 09db5fecff..95e15562b5 100644 --- a/content/en/news/releases/1.17.x/announcing-1.17.2/index.md +++ b/content/en/news/releases/1.17.x/announcing-1.17.2/index.md 
@@ -14,23 +14,23 @@ This release note describes what’s different between Istio 1.17.1 and 1.17.2. ## Security update -- __CVE-2023-27487__: - (CVSS Score 8.2, High): Client may fake the header `x-envoy-original-path`. +- __[CVE-2023-27487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g)__: (CVSS Score 8.2, High): +Client may fake the header `x-envoy-original-path`. -- __CVE-2023-27488__: - (CVSS Score 5.4, Moderate): gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. +- __[CVE-2023-27488](https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph)__: (CVSS Score 5.4, Moderate): +gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. -- __CVE-2023-27491__: - (CVSS Score 5.4, Moderate): Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers. +- __[CVE-2023-27491](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp)__: (CVSS Score 5.4, Moderate): +Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers. -- __CVE-2023-27492__: - (CVSS Score 4.8, Moderate): Crash when a large request body is processed in Lua filter. +- __[CVE-2023-27492](https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2)__: (CVSS Score 4.8, Moderate): +Crash when a large request body is processed in Lua filter. -- __CVE-2023-27493__: - (CVSS Score 8.1, High): Envoy doesn't escape HTTP header values. +- __[CVE-2023-27493](https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q)__: (CVSS Score 8.1, High): +Envoy doesn't escape HTTP header values. -- __CVE-2023-27496__: - (CVSS Score 6.5, Moderate): Crash when a redirect url without a state parameter is received in the OAuth filter. +- __[CVE-2023-27496](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5)__: (CVSS Score 6.5, Moderate): +Crash when a redirect url without a state parameter is received in the OAuth filter. ## Changes 
diff --git a/content/en/news/security/istio-security-2023-001/index.md b/content/en/news/security/istio-security-2023-001/index.md index 8845d08938..4564ac2081 100644 --- a/content/en/news/security/istio-security-2023-001/index.md +++ b/content/en/news/security/istio-security-2023-001/index.md @@ -17,22 +17,22 @@ skip_seealso: true ### Envoy CVEs -- __CVE-2023-27487__: (CVSS Score 8.2, High): +- __[CVE-2023-27487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g)__: (CVSS Score 8.2, High): Client may fake the header `x-envoy-original-path`. -- __CVE-2023-27488__: (CVSS Score 5.4, Moderate): +- __[CVE-2023-27488](https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph)__: (CVSS Score 5.4, Moderate): gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. -- __CVE-2023-27491__: (CVSS Score 5.4, Moderate): +- __[CVE-2023-27491](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp)__: (CVSS Score 5.4, Moderate): Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers. -- __CVE-2023-27492__: (CVSS Score 4.8, Moderate): +- __[CVE-2023-27492](https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2)__: (CVSS Score 4.8, Moderate): Crash when a large request body is processed in Lua filter. -- __CVE-2023-27493__: (CVSS Score 8.1, High): +- __[CVE-2023-27493](https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q)__: (CVSS Score 8.1, High): Envoy doesn't escape HTTP header values. -- __CVE-2023-27496__: (CVSS Score 6.5, Moderate): +- __[CVE-2023-27496](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5)__: (CVSS Score 6.5, Moderate): Crash when a redirect url without a state parameter is received in the OAuth filter. ## Am I Impacted?
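Review bot: In the 1.15.7 hunk (and identically in the 1.16.4 and 1.17.2 hunks) the description is moved to a continuation line at column 0, e.g. `+Client may fake the header \`x-envoy-original-path\`.`, so the list items now depend on CommonMark lazy continuation instead of the indented continuation the removed lines had. This matches what the advisory page already does, so rendering is consistent, but indenting the continuation by two spaces would keep the items valid under stricter list handling. Separately, the item text keeps two colons in a row (`__[CVE-2023-27487](...)__: (CVSS Score 8.2, High):`); dropping the colon after the closing `__` would read more naturally across all six entries.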
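Review bot: The trailing context line of the 1.16.4 hunk is `# Changes`, a level-1 heading, while the 1.15.7 and 1.17.2 hunks end with `## Changes`. Since this PR already touches the line immediately above it, it would be worth changing `# Changes` to `## Changes` here so the three release notes share the same heading hierarchy.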
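Review bot: The istio-security-2023-001 hunk hard-codes the same six GHSA advisory URLs that the three release-note hunks also hard-code, so the advisory page and the release notes can drift if a link is ever corrected in one place only. Keeping the CVE-to-advisory mapping in a single shared location that the four pages reference would remove the duplication; the link targets themselves are consistent across all four files in this patch.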