exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2024-23324

больше 1 года назад

Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 7.3

EPSS: Низкий

CVE-2024-23324

больше 1 года назад

Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 8.6

EPSS: Низкий

CVE-2024-23324

больше 1 года назад

Envoy is a high-performance edge/middle/service proxy. External authen ...

CVSS3: 8.6

EPSS: Низкий

BDU:2024-02904

больше 1 года назад

Уязвимость прокси-сервера Envoy, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю обойти процесс аутентификации

CVSS3: 7.5

EPSS: Низкий

ROS-20240423-06

около 1 года назад

Множественные уязвимости consul

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-23324 Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 7.3	0% Низкий	больше 1 года назад
CVE-2024-23324 Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 8.6	0% Низкий	больше 1 года назад
CVE-2024-23324 Envoy is a high-performance edge/middle/service proxy. External authen ...	CVSS3: 8.6	0% Низкий	больше 1 года назад
BDU:2024-02904 Уязвимость прокси-сервера Envoy, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю обойти процесс аутентификации	CVSS3: 7.5	0% Низкий	больше 1 года назад
ROS-20240423-06 Множественные уязвимости consul	CVSS3: 7.5		около 1 года назад

Уязвимостей на страницу