Lucene search
PRIOn knowledge basePRION:CVE-2023-35941HistoryJul 25, 2023 - 6:15 p.m.
Design/Logic Flaw
2023-07-2518:15:00
PRIOn knowledge base
www.prio-n.com
8
envoy
open source
proxy
design flaw
fix
nvd
cloud-native
applications
edge
service
oauth2
filter
wildcard
domain configuration
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter’s check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host’s domain configuration.
Related
veracode
veracode
Improper Authorization
2023-07-27 10:25:56
nvd
nvd
CVE-2023-35941
2023-07-25 18:15:10
redhatcve
redhatcve
CVE-2023-35941
2023-07-26 16:47:36
osv
osv
CVE-2023-35941
2023-07-25 18:15:10
BIT-envoy-2023-35941
2024-03-06 10:53:21
cve
cve
CVE-2023-35941
2023-07-25 18:15:10
cvelist
cvelist
oraclelinux
oraclelinux
istio security update
2023-09-08 00:00:00
istio security update
2023-09-06 00:00:00
istio security update
2023-09-08 00:00:00
nessus
nessus
Oracle Linux 8 : olcne (ELSA-2023-12772)
2023-09-11 00:00:00
Oracle Linux 9 : istio (ELSA-2023-12771)
2023-09-18 00:00:00
Oracle Linux 7 : istio (ELSA-2023-12781)
2023-09-08 00:00:00
redhat
redhat