Veracode Vulnerability DatabaseVERACODE:20204Unauthorised Access
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Envoy is vulnerable to unauthorised access vulnerability. This occurs when parsing HTTP/1.x header values because envoy does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules and gain access to unauthorized resources.
| CPE | Name | Operator | Version |
|---|---|---|---|
| servicemesh-proxy | eq | 0.6.0__1.el7 | |
| servicemesh-proxy | eq | 0.7.0__1.el7 | |
| servicemesh-proxy | eq | 0.6.0__1.el7 | |
| servicemesh-proxy | eq | 0.7.0__1.el7 |
References
access.redhat.com/errata/RHSA-2019:0741
access.redhat.com/security/updates/classification/#important
github.com/envoyproxy/envoy/issues/6434
github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h
groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM
www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history
Related
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P