CVE-2020-15104 — Origin Validation Error in Envoy

CWE-346 — Origin Validation Error CWE-297 — Improper Validation of Certificate with Host Mismatch3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 69.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Envoyproxy Envoy

Timeline

Latest updateJul 13

PublishedJul 14

Description

In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow nested.subdomain.example.com, when it should only allow subdomain.example.com. This defect applies to both validating a client TLS certificate in mTLS, and validating a server TLS certificate for upstream connections. This vulnerabili…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDenvoyproxy/envoy1.13.0 — 1.13.4+2

▶CVEListV5envoyproxy/envoy>= 1.13.0, < 1.13.4, >= 1.14.0, < 1.14.4+1

📋Vendor Advisories

Red Hat

envoyproxy/envoy: incorrectly validates TLS certificates when using wildcards for DNS SAN's↗2020-07-08

▶

💬Community

Bugzilla

CVE-2020-15104 envoyproxy/envoy: incorrectly validates TLS certificates when using wildcards for DNS SAN's↗2020-07-13

▶