Lucene search

26 matches found

Veracode
added 2021/08/29 7:44 p.m. | 32 views

Authorization Bypass

servicemesh-proxy is vulnerable to authorization bypass. It allows specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed...

CVSS: 8.6 | AI score: 3.1 | EPSS: 0.03325
Exploits: 0 | References: 6 | Affected Software: 1
RedHat Linux
added 2021/08/25 9:37 a.m. | 3 views

envoyproxy/envoy: HTTP request with multiple value headers can bypass authorization policies

An authorization bypass vulnerability was found in envoyproxy/envoy. Envoy incorrectly evaluates an HTTP request with multiple value headers. This flaw allows an attacker to bypass rule policies that use the extauthz extension. The highest threat from this vulnerability is to confidentiality,...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.03325
Exploits: 0 | References: 5
RedhatCVE
added 2021/08/24 10:14 p.m. | 42 views

CVE-2021-32777

An authorization bypass vulnerability was found in envoyproxy/envoy. Envoy incorrectly evaluates an HTTP request with multiple value headers. This flaw allows an attacker to bypass rule policies that use the extauthz extension. The highest threat from this vulnerability is to confidentiality,...

CVSS: 8.6 | AI score: 3.7 | EPSS: 0.03325
Exploits: 0 | References: 4
NVD
added 2021/08/24 9:15 p.m. | 24 views

CVE-2021-32777

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However,...

CVSS: 8.6 | EPSS: 0.03325
Exploits: 0 | References: 2
Positive Technologies
added 2021/08/24 12:0 a.m. | 4 views

PT-2021-19922 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.16.5 through 1.19.0

Description: The issue affects Envoy, an open source L7 proxy and communication bus. In the affected versions, when the ext-authz extension sends request headers to the external authorization service, it...

CVSS: 8.6 | AI score: 8.6 | EPSS: 0.03325
Exploits: 0 | References: 12