CVE-2023-35941

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-35941

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35941.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-35941

Aliases

BIT-envoy-2023-35941

Related

GHSA-7mhv-gr67-hq55

Published

2023-07-25T18:15:10Z

Modified

2025-02-19T03:33:00.613557Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type: GIT
Repo: https://github.com/envoyproxy/envoy
Events: Introduced

ce49c7f65668a22b80d1e83c35d170741bb8d46a

Fixed

9689bc57f80fe56dbb16a4e0d632cde5363d1811

Affected versions

v1.*

v1.23.0

v1.23.1

v1.23.10

v1.23.11

v1.23.2

v1.23.3

v1.23.4

v1.23.5

v1.23.6

v1.23.7

v1.23.8

v1.23.9