CVE-2019-9901

Published: 05 Apr 2019
Source: redhat
CVSS3: 8.3
EPSS: Low

Description

Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.

A flaw was found in Envoy version 1.9.0 and older, where Envoy does not normalize HTTP URL paths. This flaw allows a remote attacker to craft a request containing a relative path and thereby bypass access control. As a result, the backend server may interpret the unnormalized path and serve a resource the access control policy was meant to block.

Additional information

Status: Important
Weakness: CWE-20
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1698025 (istio/envoy: Path traversal via URL Patch manipulation in HTTP/1.x header)

EPSS

Percentile: 27%
Score: 0.00095
Low

8.3 High

CVSS3

Related vulnerabilities

CVSS3: 6.5
nvd
almost 7 years ago

Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.

CVSS3: 10
github
over 3 years ago

EnvoyProxy Envoy Missing HTTP URL path normalization

CVSS3: 10
fstec
almost 7 years ago

A vulnerability in the Envoy network software component, caused by errors in URI normalization, that allows an attacker to gain unauthorized access to protected data
