Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-CFC2-WJCM-C8FM
HistorySep 10, 2021 - 5:54 p.m.

Incorrect Authorization with specially crafted requests

2021-09-1017:54:25
CWE-863
GitHub Advisory Database
github.com
27

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.1%

JSON

Envoy, which Pomerium is based on, contains two authorization related vulnerabilities:

  • CVE-2021-32777: incorrectly transform a URL containing a #fragment element, causing a mismatch in path-prefix based authorization decisions.
  • CVE-2021-32779: incorrectly handle duplicate headers, dropping all but the last. This may lead to incorrect routing or authorization policy decisions.

Impact

With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium.

Patches

Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched.

Workarounds

  • This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation.

References

envoy GSA CVE-2021-32777
envoy GSA CVE-2021-32779
envoy announcement

For more information

If you have any questions or comments about this advisory:

Related

prion 3
osv 7
cve 3
nessus 5
veracode 2
redhatcve 2
oraclelinux 3
redhat 2
prion
prion
Authorization
2021-09-09 23:15:00
Authorization
2021-08-24 21:15:00
Path traversal
2021-08-24 21:15:00
osv
osv
BIT-envoy-2021-32777
2024-03-06 10:58:27
Incorrect Authorization with specially crafted requests
2021-09-10 17:54:25
BIT-envoy-2021-39206
2024-03-06 10:57:12
cve
cve
CVE-2021-39206
2021-09-09 23:15:00
CVE-2021-32779
2021-08-24 21:15:00
CVE-2021-32777
2021-08-24 21:15:00
nessus
nessus
Oracle Linux 7 : olcne (ELSA-2021-9526)
2021-11-09 00:00:00
RHEL 8 : Red Hat OpenShift Service Mesh 2.0.7.1 (RHSA-2021:3272)
2021-08-25 00:00:00
RHEL 8 : Red Hat OpenShift Service Mesh 1.1.17.1 (RHSA-2021:3273)
2021-08-25 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-08-29 19:44:50
Authorization Bypass
2021-08-29 19:44:47
redhatcve
redhatcve
CVE-2021-32779
2021-08-24 22:14:54
CVE-2021-32777
2021-08-24 22:14:49
oraclelinux
oraclelinux
olcne security update
2021-11-10 00:00:00
olcne istio istio kubernetes security update
2021-11-09 00:00:00
olcne security update
2021-11-09 00:00:00
redhat
redhat
(RHSA-2021:3273) Important: Red Hat OpenShift Service Mesh 1.1.17.1 security update
2021-08-25 09:17:57
(RHSA-2021:3272) Important: Red Hat OpenShift Service Mesh 2.0.7.1 security update
2021-08-25 09:17:04

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.1%

JSON
Related for GHSA-CFC2-WJCM-C8FM
prion3osv7cve3nessus5veracode2redhatcve2oraclelinux3redhat2