Количество 8
Количество 8
CVE-2023-35941
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.
CVE-2023-35941
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.
CVE-2023-35941
Envoy is an open source edge and service proxy designed for cloud-nati ...
BDU:2023-04199
Уязвимость прокси-сервера Envoy, связанная с недостатком механизма кодирования или экранирования выходных данных, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
ELSA-2023-12781
ELSA-2023-12781: istio security update (IMPORTANT)
ELSA-2023-12780
ELSA-2023-12780: istio security update (IMPORTANT)
ELSA-2023-12772
ELSA-2023-12772: olcne security update (IMPORTANT)
ELSA-2023-12771
ELSA-2023-12771: istio security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-35941 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration. | CVSS3: 8.6 | 0% Низкий | около 2 лет назад |
 | CVE-2023-35941 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration. | CVSS3: 8.6 | 0% Низкий | около 2 лет назад |
| CVE-2023-35941 Envoy is an open source edge and service proxy designed for cloud-nati ... | CVSS3: 8.6 | 0% Низкий | около 2 лет назад |
 | BDU:2023-04199 Уязвимость прокси-сервера Envoy, связанная с недостатком механизма кодирования или экранирования выходных данных, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации | CVSS3: 8.6 | 0% Низкий | около 2 лет назад |
| ELSA-2023-12781 ELSA-2023-12781: istio security update (IMPORTANT) | около 2 лет назад | ||
| ELSA-2023-12780 ELSA-2023-12780: istio security update (IMPORTANT) | около 2 лет назад | ||
| ELSA-2023-12772 ELSA-2023-12772: olcne security update (IMPORTANT) | около 2 лет назад | ||
| ELSA-2023-12771 ELSA-2023-12771: istio security update (IMPORTANT) | около 2 лет назад |
Уязвимостей на страницу