Описание
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
An incorrect access control bypass vulnerability was found in envoy proxy/envoy. This flaw allows an attacker to send multiple HTTP headers where only the first one is valid. Envoy then forwards all of the headers as valid to the upstream component. This issue allows an attacker to subvert any envoy filters or rules, causing an inconsistency between envoy and the upstream component, potentially gaining access to restricted resources.
Дополнительная информация
Статус:
EPSS
8.3 High
CVSS3
Связанные уязвимости
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
Envoy through 1.15.0 only considers the first value when multiple head ...
EPSS
8.3 High
CVSS3