2 matches found
CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...
PT-2025-5269
Name of the Vulnerable Software and Affected Versions: Envoy Gateway versions prior to 1.2.6 Description: A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to...