CVE-2024-23324
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-23324
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23324.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-23324
- Aliases
-
- BIT-envoy-2024-23324
- GHSA-gq3v-vvhj-96j6
- Published
- 2024-02-09T22:48:26Z
- Modified
- 2025-10-15T07:27:40.947681Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata
- Details
-
Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to extauthz, circumventing extauthz checks when failuremodeallow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- References
Affected packages
Git / github.com/envoyproxy/envoy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.26.1
v1.26.2
v1.26.3
v1.26.4
v1.26.5
v1.26.6
v1.27.0
v1.27.1
v1.27.2
v1.28.0
v1.29.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
Git / github.com/envoyproxy/envoy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.26.1
v1.26.2
v1.26.3
v1.26.4
v1.26.5
v1.26.6
v1.27.0
v1.27.1
v1.27.2
v1.28.0
v1.29.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0