
CVE-2023-27496

Published: 04/04/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query parameter is present on any response that looks like an OAuth redirect response. Sending it a request whose URI path is equivalent to the redirect path, but without the `state` parameter, leads to abnormal termination of the Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or filtering traffic before it reaches the OAuth filter (e.g. via a Lua script).
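The Lua-based mitigation mentioned above could look like the following added example, which is not code from the Envoy project or from any advisory. It assumes the OAuth filter's redirect path is exactly `/callback` and that Envoy's Lua HTTP filter is placed before the OAuth filter in the filter chain; the path, the 400 response and the choice to also reject an empty `state` value are assumptions to adapt.

```lua
-- Added example: inline code for Envoy's Lua HTTP filter, which must be
-- listed before the OAuth filter in http_filters so it sees requests first.
-- ASSUMPTION: the OAuth filter's redirect path is exactly "/callback".
local REDIRECT_PATH = "/callback"

-- Returns true when the query string carries a non-empty `state` parameter.
-- Rejecting an empty value as well is a conservative choice made here.
local function has_state(query)
  for pair in string.gmatch(query, "[^&]+") do
    -- "state=abc" -> key "state", value "abc"; bare "state" -> value "".
    local key, value = string.match(pair, "^([^=]*)=?(.*)$")
    if key == "state" and value ~= "" then
      return true
    end
  end
  return false
end

function envoy_on_request(request_handle)
  local raw = request_handle:headers():get(":path") or ""
  -- Split ":path" into path and query string at the first "?".
  local path, query = string.match(raw, "^([^?]*)%??(.*)$")
  if path == REDIRECT_PATH and not has_state(query) then
    -- Answer locally so the request never reaches the OAuth filter.
    request_handle:respond({[":status"] = "400"}, "missing state parameter\n")
  end
end
```

This only reduces exposure on unpatched versions; upgrading to a fixed release remains the actual remedy.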

Vulnerable Product

envoyproxy envoy

Vendor Advisories

Synopsis: Important: Red Hat OpenShift Service Mesh 229 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Service Mesh 229. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request ...
Description: A flaw was found in Envoy. If Envoy is running with the OAuth filter enabled, a malicious actor could construct a request which would cause denial of service, crashing Envoy.