exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2024-23324

около 2 лет назад

Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 7.3

EPSS: Низкий

CVE-2024-23324

около 2 лет назад

Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 8.6

EPSS: Низкий

CVE-2024-23324

около 2 лет назад

Envoy is a high-performance edge/middle/service proxy. External authen ...

CVSS3: 8.6

EPSS: Низкий

BDU:2024-02904

около 2 лет назад

Уязвимость прокси-сервера Envoy, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю обойти процесс аутентификации

CVSS3: 7.5

EPSS: Низкий

ROS-20240423-06

почти 2 года назад

Множественные уязвимости consul

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-23324 Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 7.3	0% Низкий	около 2 лет назад
CVE-2024-23324 Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 8.6	0% Низкий	около 2 лет назад
CVE-2024-23324 Envoy is a high-performance edge/middle/service proxy. External authen ...	CVSS3: 8.6	0% Низкий	около 2 лет назад
BDU:2024-02904 Уязвимость прокси-сервера Envoy, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю обойти процесс аутентификации	CVSS3: 7.5	0% Низкий	около 2 лет назад
ROS-20240423-06 Множественные уязвимости consul	CVSS3: 7.5		почти 2 года назад

Уязвимостей на страницу