Lucene search

K
githubGitHub Advisory DatabaseGHSA-9WMC-RG4H-28WV
HistoryOct 17, 2023 - 12:41 p.m.

github.com/kumahq/kuma affected by CVE-2023-44487

2023-10-1712:41:55
GitHub Advisory Database
github.com
55
kuma
vulnerability
cve-2023-44487
rapid reset
exploit
http/2
gateway
listener
workaround
patches

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.708

Percentile

98.1%

Impact

Envoy and Go HTTP/2 protocol stack is vulnerable to the β€œRapid Reset” class of exploits, which send a sequence of HEADERS frames optionally followed by RST_STREAM frames.

This can be exercised if you use the builtin gateway and receive untrusted http2 traffic.

Patches

https://github.com/kumahq/kuma/pull/8023
https://github.com/kumahq/kuma/pull/8001
https://github.com/kumahq/kuma/pull/8034

Workarounds

Disable http2 on the gateway listener with a MeshProxyPatch or ProxyTemplate.

References

https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/golang/go/issues/63417
https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/?sf269548684=1
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge

Affected configurations

Vulners
Node
uptime-kuma_projectuptime-kumaRange<2.0.8
OR
uptime-kuma_projectuptime-kumaRange<2.1.8
OR
uptime-kuma_projectuptime-kumaRange<2.2.4
OR
uptime-kuma_projectuptime-kumaRange<2.3.3
OR
uptime-kuma_projectuptime-kumaRange<2.4.3

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.708

Percentile

98.1%