cbcvebase.
CVE-2023-35941
published 2023-07-25

CVE-2023-35941: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a…

PriorityP353critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.71%
48.9th percentile
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.

Affected

8 ranges
VendorProductVersion rangeFixed in
envoyproxyenvoy< 1.23.121.23.12
envoyproxyenvoy
envoyproxyenvoy
envoyproxyenvoy
envoyproxyenvoy>= 1.23.0 < 1.23.121.23.12
envoyproxyenvoy>= 1.24.0 < 1.24.101.24.10
envoyproxyenvoy>= 1.25.0 < 1.25.91.25.9
envoyproxyenvoy>= 1.26.0 < 1.26.41.26.4

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat8.6HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.