CVE-2021-21378

Published: 11 Mar 2021
Source: nvd
CVSS3: 8.2
CVSS2: 6.4
EPSS: Low

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the allow_missing requirement under requires_any due to a mistake in implementation. Envoy's JWT Authentication filter can be configured with the allow_missing requirement that will be satisfied if JWT is missing (JwtMissed error) and fail if JWT is presented or invalid. Due to a mistake in implementation, a JwtUnknownIssuer error was mistakenly converted to JwtMissed when requires_any was configured. So if allow_missing was configured under requires_any, an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list. Integrity may be impacted depending on configuration if the JWT token is used to protect against writes or modifications. This regression was introduced
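The description above identifies the affected configuration pattern precisely: an `allow_missing` requirement placed under `requires_any`, on the version listed in the CPE. The following is an added configuration check written for this page; it is not tooling from exploitDog, NVD or the Envoy project. It walks a jwt_authn filter configuration represented as a Python dict whose keys follow the field names of Envoy's JwtRequirement message (`provider_name`, `requires_any`, `requires_all`, `allow_missing`, `allow_missing_or_failed`), reports every `allow_missing` that sits anywhere beneath a `requires_any`, and marks the deployment as affected only when such a path exists and the running version is the one this page lists (1.17.0). The sample filter configuration, issuer and version strings are constructed for the demonstration.

```python
"""Configuration check for the CVE-2021-21378 pattern described on this page:
an Envoy jwt_authn requirement that places ``allow_missing`` under ``requires_any``.

Added example, not Envoy's or exploitDog's own code. The requirement tree
mirrors the field names of Envoy's JwtRequirement message; the sample
configuration and version strings below are constructed for this demo.
"""
from typing import Any, Dict, List

# The only version this page lists as vulnerable (cpe ... envoyproxy:envoy:1.17.0).
AFFECTED_VERSIONS = {"1.17.0"}


def find_allow_missing_under_requires_any(req: Dict[str, Any],
                                          path: str = "requirement",
                                          inside_any: bool = False) -> List[str]:
    """Return the path of every allow_missing node that sits (directly or
    nested) beneath a requires_any list. On an affected version each such
    node is a point where a JWT whose issuer is not in the provider list is
    treated as a missing JWT (JwtUnknownIssuer reported as JwtMissed) and the
    request is admitted."""
    hits: List[str] = []
    if "allow_missing" in req and inside_any:
        hits.append(f"{path}.allow_missing")
    for list_key in ("requires_any", "requires_all"):
        if list_key in req:
            nested_any = inside_any or list_key == "requires_any"
            for i, child in enumerate(req[list_key].get("requirements", [])):
                hits.extend(find_allow_missing_under_requires_any(
                    child, f"{path}.{list_key}.requirements[{i}]", nested_any))
    return hits


def check_jwt_authn(filter_config: Dict[str, Any], envoy_version: str) -> Dict[str, Any]:
    """Walk every route rule of a jwt_authn filter config and collect the risky
    paths. 'affected' is True only when the risky pattern is present AND the
    proxy runs a version the page lists as vulnerable."""
    risky: List[str] = []
    for n, rule in enumerate(filter_config.get("rules", [])):
        if "requires" in rule:
            risky.extend(find_allow_missing_under_requires_any(
                rule["requires"], f"rules[{n}].requires"))
    return {
        "envoy_version": envoy_version,
        "risky_paths": risky,
        "affected": bool(risky) and envoy_version in AFFECTED_VERSIONS,
    }


# Constructed sample: the /api rule accepts either a JWT from provider "main"
# or no JWT at all (allow_missing under requires_any), i.e. the affected pattern;
# the /admin rule requires the provider strictly and is not flagged.
SAMPLE_FILTER_CONFIG = {
    "providers": {"main": {"issuer": "https://issuer.example", "audiences": ["api"]}},
    "rules": [
        {
            "match": {"prefix": "/api"},
            "requires": {
                "requires_any": {
                    "requirements": [
                        {"provider_name": "main"},
                        {"allow_missing": {}},
                    ]
                }
            },
        },
        {
            "match": {"prefix": "/admin"},
            "requires": {"provider_name": "main"},
        },
    ],
}

if __name__ == "__main__":
    report = check_jwt_authn(SAMPLE_FILTER_CONFIG, "1.17.0")
    for p in report["risky_paths"]:
        print("allow_missing under requires_any at", p)
    print("affected:", report["affected"])
```

In practice the dict would be loaded from the rendered listener configuration (for example the filter section of an Envoy config dump). The check deliberately reports the risky paths regardless of version, so that the same output can drive a review of whether `allow_missing` under `requires_any` was intended on each route once the version question is settled.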

Vulnerable configurations

Configuration 1
cpe:2.3:a:envoyproxy:envoy:1.17.0:*:*:*:*:*:*:*

EPSS

Score: 0.00421 (percentile 61%), Low

CVSS3: 8.2 High

CVSS2: 6.4 Medium

Weaknesses

CWE-287

Related vulnerabilities

CVSS3: 8.2
redhat
almost 5 years ago

Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the `allow_missing` requirement under `requires_any` due to a mistake in implementation. Envoy's JWT Authentication filter can be configured with the `allow_missing` requirement that will be satisfied if JWT is missing (JwtMissed error) and fail if JWT is presented or invalid. Due to a mistake in implementation, a JwtUnknownIssuer error was mistakenly converted to JwtMissed when `requires_any` was configured. So if `allow_missing` was configured under `requires_any`, an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list. Integrity may be impacted depending on configuration if the JWT token is used to protect against writes or modifications. This regression was introduc...

CVSS3: 8.2
debian
almost 5 years ago

Envoy is a cloud-native high-performance edge/middle/service proxy. In ...
