Pio1006 / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0
0 stars 0 forks source link

CVE-2023-27496 (High) detected in multiple libraries - autoclosed #20

Closed mend-for-github-com[bot] closed 6 months ago

mend-for-github-com[bot] commented 1 year ago

CVE-2023-27496 - High Severity Vulnerability

Vulnerable Libraries - envoy1.12.0-alpha.1, envoy1.12.0-alpha.1, envoy1.12.0-alpha.1

Vulnerability Details

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).

Publish Date: 2023-04-04

URL: CVE-2023-27496

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5

Release Date: 2023-04-04

Fix Resolution: v1.22.9,v1.23.6,v1.24.4,v1.25.3

mend-for-github-com[bot] commented 6 months ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #52