BIT-envoy-2024-23324

Import Source
https://github.com/bitnami/vulndb/tree/main/data/envoy/BIT-envoy-2024-23324.json
Aliases
Published
2024-03-06T10:51:54.396Z
Modified
2024-03-06T11:25:28.861Z
Details

Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Bitnami / envoy

Package

Name
envoy

Affected ranges

Type
SEMVER
Events
Introduced
1.26.0
Fixed
1.26.7
Introduced
1.27.0
Fixed
1.27.3
Introduced
1.28.0
Fixed
1.28.1
Introduced
1.29.0
Fixed
1.29.1