CVE-2021-32779

Published: 24 Aug 2021
Source: nvd
CVSS3: 8.6
CVSS3: 8.3
CVSS2: 7.5
EPSS: Low

Description

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final "/admin" path element, or is using a negative assertion with final path element of "/admin". The client sends request to "/app1/admin#foo". In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. Envoy treats fragment as a suffix of the query string when present, or as a suffix of the path when query string is absent, so it evaluates the final path element as "/admin#foo" and mismatches with the configured "/admin" path element. In Envoy 1.18.0+ configured with path_normalization=true. Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offend

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
Version from 1.16.0 (inclusive) to 1.16.5 (exclusive)
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
Version from 1.17.0 (inclusive) to 1.17.4 (exclusive)
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
Version from 1.18.0 (inclusive) to 1.18.4 (exclusive)
cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*

EPSS

Percentile: 1%
0.0001
Low

CVSS3: 8.6 High
CVSS3: 8.3 High
CVSS2: 7.5 High

Weaknesses (CWE)

CWE-551
CWE-697

Related vulnerabilities

CVSS3: 8.3
redhat
almost 4 years ago

CVSS3: 8.6
debian
almost 4 years ago

Envoy is an open source L7 proxy and communication bus designed for la ...

oracle-oval
over 3 years ago

ELSA-2021-9525: olcne security update (IMPORTANT)

oracle-oval
over 3 years ago

ELSA-2021-9546: olcne istio istio kubernetes security update (IMPORTANT)

oracle-oval
over 3 years ago

ELSA-2021-9526: olcne security update (IMPORTANT)