Veracode Vulnerability DatabaseVERACODE:31854Authorization Bypass
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
servicemesh-proxy is vulnerable to authorization bypass. It allows specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed request may be delivered by an untrusted downstream peer in the presence of ext-authz extension. An authorization bypass vulnerability was found in envoyproxy/envoy. Envoy incorrectly evaluates an HTTP request with multiple value headers. This flaw allows an attacker to bypass rule policies that use the ext_authz extension.
References
access.redhat.com/errata/RHSA-2021:3272
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1996933
github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h
istio.io/latest/news/security/istio-security-2021-008/
www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history
Related
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P