
CVE-2023-27488

Published: 04/04/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Description: A flaw was found in Envoy. This issue could allow a malicious user to bypass authentication checks when ext_authz is used by crafting a malicious HTTP header with a non-UTF8 value.

Vulnerable Product

envoyproxy envoy

Vendor Advisories

Synopsis: Important: Red Hat OpenShift Service Mesh 229 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Service Mesh 229. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request ...
Description: A flaw was found in Envoy. This issue could allow an attacker to bypass authentication checks when ext_authz is used by crafting a malicious HTTP header with a non-UTF8 value. ...