
CVE-2021-29492

Published: May 28, 2021
Source: nvd
CVSS3: 8.1
CVSS3: 8.3
CVSS2: 7.5
EPSS: Low

Description

Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences %2F and %5C in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. /something%2F..%2Fadmin, to bypass access control, e.g. a block on /admin. A backend server could then decode slash sequences and normalize the path and provide an attacker access beyond the scope provided for by the access control policy.

### Impact

Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret %2F and / and %5C and \ interchangeably are impacted.

### Attack Vector

URL paths containing escaped slash characters delivered by an untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain a new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat %2F and / and %5C and \ interchangeably and a URL path ba
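The mismatch described above, modelled as an added Python example (not Envoy's code and not part of the original advisory): a path policy evaluated on the raw path disagrees with a backend that decodes %2F and %5C, while a check that decodes and normalizes first, or rejects escaped slashes, agrees with it. The function names, the `/admin` policy and the backend model are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

BLOCKED = "/admin"  # constructed policy: deny /admin and everything below it
ESCAPED_SLASH = re.compile(r"%2f|%5c", re.IGNORECASE)


def normalize(path: str) -> str:
    """Treat \\ as /, collapse dot segments and repeated slashes."""
    return "/" + posixpath.normpath(path.replace("\\", "/")).lstrip("/")


def under_blocked(path: str) -> bool:
    return path == BLOCKED or path.startswith(BLOCKED + "/")


def naive_proxy_allows(raw_path: str) -> bool:
    """Affected behaviour: the policy is matched against the path as received."""
    return not under_blocked(raw_path)


def backend_resolves(raw_path: str) -> str:
    """Assumed backend: percent-decodes, treats \\ as /, then normalizes."""
    return normalize(unquote(raw_path))


def hardened_proxy_allows(raw_path: str, reject_escaped: bool = False) -> bool:
    """Decode escaped slashes and normalize before the policy check,
    or refuse any path that contains them when reject_escaped is set."""
    if ESCAPED_SLASH.search(raw_path):
        if reject_escaped:
            return False
        raw_path = ESCAPED_SLASH.sub(
            lambda m: "/" if m.group().lower() == "%2f" else "\\", raw_path)
    return not under_blocked(normalize(raw_path))


if __name__ == "__main__":
    # Constructed sample paths; the first is the one quoted in the advisory.
    for p in ["/something%2F..%2Fadmin", "/something%5C..%5Cadmin",
              "/files/a%2Fb", "/public/index.html", "/admin/users"]:
        print(f"{p:28} naive={naive_proxy_allows(p)!s:5} "
              f"hardened={hardened_proxy_allows(p)!s:5} "
              f"backend sees {backend_resolves(p)}")
```

Any row where `naive` is True while the backend resolves to a path under `/admin` is a policy bypass; the hardened check returns False for exactly those rows.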

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
Version before 1.15.5 (excluding)
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
Version from 1.16.0 (including) to 1.16.4 (excluding)
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
Version from 1.17.0 (including) to 1.17.3 (excluding)
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
Version from 1.18.0 (including) to 1.18.3 (excluding)

EPSS

Percentile: 92%
0.07418
Low

8.1 High

CVSS3

8.3 High

CVSS3

7.5 High

CVSS2

Weaknesses

CWE-22

Related vulnerabilities

CVSS3: 8.3
redhat
more than 4 years ago

Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g. a block on `/admin`. A backend server could then decode slash sequences and normalize path and provide an attacker access beyond the scope provided for by the access control policy. ### Impact Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret `%2F` and `/` and `%5C` and `\` interchangeably are impacted. ### Attack Vector URL paths containing escaped slash characters delivered by untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat `%2F` and `/` and `%5C` and `\` interchangeably and a URL path...

CVSS3: 8.1
debian
more than 4 years ago

Envoy is a cloud-native edge/middle/service proxy. Envoy does not deco ...
