BIT-envoy-2023-27496

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/envoy/BIT-envoy-2023-27496.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-envoy-2023-27496

Aliases

CVE-2023-27496

Published

2024-03-06T10:53:33.396Z

Modified

2025-02-26T07:48:40.248Z

Summary

[none]

Details

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a state query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the state parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).

Database specific

{
    "cpes": [
        "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5

Affected packages

Bitnami / envoy

Package

Name: envoy
Purl: pkg:bitnami/envoy

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.22.9

Introduced

1.23.0

Fixed

1.23.6

Introduced

1.24.0

Fixed

1.24.4

Introduced

1.25.0

Fixed

1.25.3