Lucene search
K

7 matches found

OSV
OSV
added 2024/09/26 7:10 a.m.33 views

BIT-ENVOY-2024-7207

A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to...

8.3AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/08/11 4:46 p.m.43 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.9 security update

Red Hat OpenShift Service Mesh 2.2.9 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

9.8CVSS6.6AI score0.00869EPSS
Exploits6References7
RedhatCVE
RedhatCVE
added 2023/04/04 7:43 p.m.44 views

CVE-2023-27487

A flaw was found in envoy. The header x-envoy-original-path should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header could then be used for trace logs and grpc logs, used ...

8.2CVSS8.7AI score0.00636EPSS
Exploits1References3
Chainguard
Chainguard
added 2023/04/04 4:15 p.m.21 views

CVE-2023-27487 vulnerabilities

Vulnerabilities for packages: envoy...

6.4CVSS7.4AI score0.00636EPSS
Exploits1
Wolfi
Wolfi
added 2023/04/04 4:15 p.m.182 views

CVE-2023-27487 vulnerabilities

Vulnerabilities for packages: envoy...

9.1CVSS7.7AI score0.00636EPSS
Exploits1
CVE
CVE
added 2023/04/04 3:42 p.m.183 views

CVE-2023-27487

CVE-2023-27487 affects Envoy (edge/service proxy). The issue: a client can forge the internal x-envoy-original-path header because Envoy does not remove it early in request processing, allowing forged values to influence trace/grpc logs and jwt_authn URL checks. Impact is high (confidentiality/in...

9.1CVSS8.7AI score0.00636EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/04 3:42 p.m.9 views

CVE-2023-27487 Envoy client may fake the header `x-envoy-original-path`

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token JWT checks and forge fake original paths. The header x-envoy-original-path should be an internal header, but...

8.2CVSS9.1AI score0.00636EPSS
Exploits1References1
Rows per page
Query Builder