Description
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.
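The description above is the whole bug: a policy matched against the raw path is bypassed by a segment-relative path that the backend later resolves. The Python below is an added illustration, not Envoy's code (Envoy's fix exposes normalization as the HTTP connection manager's `normalize_path` option); the deny list `BLOCKED_PREFIXES` is a constructed sample policy. It contrasts the non-normalizing decision with one taken after canonicalizing the path.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample policy: deny /admin and everything beneath it.
BLOCKED_PREFIXES = ("/admin",)


def normalize_path(raw_path: str) -> str:
    """Canonicalize a request path before any policy decision.

    Steps: percent-decode once, resolve '.' and '..' segments, squeeze
    repeated slashes, and refuse to climb above the root.
    """
    decoded = unquote(raw_path)
    if not decoded.startswith("/"):
        decoded = "/" + decoded
    # normpath resolves '.'/'..' and repeated slashes and clamps '..' at the
    # root for absolute paths; it keeps a leading '//', so collapse that too.
    normalized = posixpath.normpath(decoded)
    while normalized.startswith("//"):
        normalized = normalized[1:]
    return normalized


def is_blocked(path: str) -> bool:
    # Match on a segment boundary so /adminx is not confused with /admin.
    return any(path == p or path.startswith(p + "/") for p in BLOCKED_PREFIXES)


def naive_decision(raw_path: str) -> str:
    """Policy applied to the raw path: what a non-normalizing proxy does."""
    return "deny" if is_blocked(raw_path) else "allow"


def hardened_decision(raw_path: str) -> str:
    """Policy applied to the normalized path: the mitigated behaviour."""
    return "deny" if is_blocked(normalize_path(raw_path)) else "allow"
```

The hardened variant also catches percent-encoded and double-slash spellings of the same target, which the raw prefix match misses for the same reason.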
References
- Issue Tracking, Mitigation, Third Party Advisory
- Release Notes, Vendor Advisory
Vulnerable configurations
EPSS
6.5 Medium
CVSS3
10 Critical
CVSS3
7.5 High
CVSS2
Defects
Related vulnerabilities
- Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.
- EnvoyProxy Envoy Missing HTTP URL path normalization
- A vulnerability in the Envoy network software, related to errors in URI normalization, that allows an attacker to gain unauthorized access to protected data.