CVSS3 score: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS score: 0.001 Low
EPSS Percentile: 43.3%
github.com/envoyproxy/envoy is vulnerable to Improper Authorization. In rare circumstances, a rogue client can create credentials that are always valid. This occurs because, under a few uncommon conditions, the HMAC payload is always treated as legitimate by the OAuth2 filter's check.
github.com/envoyproxy/envoy/commit/78c7d48852f58c2bc159c58c7a998cbb1f701172
github.com/envoyproxy/envoy/commit/7fbb5a1ddd0f6ab6ebd5d3e88c7521eef960cecd
github.com/envoyproxy/envoy/commit/820698ea5c3f4245ac1e1e381c01155e28d6db09
github.com/envoyproxy/envoy/commit/8ca0405d6bed73e9ca81c3fd99de3dfb8e3fe55b
github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55