CVE-2023-35941

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-35941
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35941.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-35941
Aliases
Published
2023-07-25T17:40:56.203Z
Modified
2025-12-20T02:53:27.639409Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
Summary
Envoy vulnerable to OAuth2 credentials exploit with permanent validity
Details

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-116"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/35xxx/CVE-2023-35941.json"
}
References

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
51964702956d64adcd1df6b8ea132e863fe78e74
Fixed
cfa32deca25ac57c2bbecdad72807a9b13493fc1
Database specific 
{
    "versions": [
        {
            "introduced": "1.26.0"
        },
        {
            "fixed": "1.26.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
9184b84cd0dcb3a6c57eb44b177d91c70e1a0901
Fixed
7b2609e12147377b0420bfa4453762e377f218f3
Database specific 
{
    "versions": [
        {
            "introduced": "1.25.0"
        },
        {
            "fixed": "1.25.9"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
15baf56003f33a07e0ab44f82f75a660040db438
Fixed
5adb03f52a6399fe5a31fdb603d5009d8d59cdb9
Database specific 
{
    "versions": [
        {
            "introduced": "1.24.0"
        },
        {
            "fixed": "1.24.10"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9689bc57f80fe56dbb16a4e0d632cde5363d1811
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.23.12"
        }
    ]
}

Affected versions

v1.*

v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.23.1
v1.23.10
v1.23.11
v1.23.2
v1.23.3
v1.23.4
v1.23.5
v1.23.6
v1.23.7
v1.23.8
v1.23.9
v1.24.0
v1.24.1
v1.24.2
v1.24.3
v1.24.4
v1.24.5
v1.24.6
v1.24.7
v1.24.8
v1.24.9
v1.25.0
v1.25.1
v1.25.2
v1.25.3
v1.25.4
v1.25.5
v1.25.6
v1.25.7
v1.25.8
v1.26.0
v1.26.1
v1.26.2
v1.26.3
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0