CVE-2023-35941

CRITICAL9.8EPSS 0.06%

Envoy vulnerable to OAuth2 credentials exploit with permanent validity

發布日:2024/3/6修改日:2025/10/15

也稱為:GHSA-7mhv-gr67-hq55BIT-envoy-2023-35941

描述

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.

受影響套件(1)

Bitnami/envoy>= 1.23.0, < 1.23.12, >= 1.24.0, < 1.24.10, >= 1.25.0, < 1.25.9, >= 1.26.0, < 1.26.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(2)

WEBhttps://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-35941