Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveGitHub_MCVE-2022-21657
HistoryFeb 22, 2022 - 11:15 p.m.

CVE-2022-21657

2022-02-2223:15:11
CWE-295
GitHub_M
web.nvd.nist.gov
112
cve
2022
21657
envoy
security
tls
certificate
vulnerability
upgrade.

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade.

Affected configurations

Nvd
Vulners
Node
envoyproxyenvoyRange<1.18.6
OR
envoyproxyenvoyRange1.19.01.19.3
OR
envoyproxyenvoyRange1.20.01.20.2
VendorProductVersionCPE
envoyproxyenvoy*cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "envoy",
    "vendor": "envoyproxy",
    "versions": [
      {
        "status": "affected",
        "version": ">= 1.20.0, < 1.20.2"
      },
      {
        "status": "affected",
        "version": ">= 1.19.0, < 1.19.3"
      },
      {
        "status": "affected",
        "version": "< 1.18.6"
      }
    ]
  }
]

Related

nvd 1
osv 3
cvelist 1
prion 1
redhatcve 1
cnvd 1
github 1
nvd
nvd
CVE-2022-21657
2022-02-22 23:15:11
osv
osv
BIT-envoy-2022-21657
2024-03-06 10:55:54
CVE-2022-21657
2022-02-22 23:15:11
Multiple security issues in Pomerium's embedded envoy
2022-03-01 22:04:17
cvelist
cvelist
CVE-2022-21657 X.509 Extended Key Usage and Trust Purposes bypass in Envoy
2022-02-22 22:30:12
prion
prion
Code injection
2022-02-22 23:15:00
redhatcve
redhatcve
CVE-2022-21657
2022-02-23 06:50:02
cnvd
cnvd
Envoy Trust Management Issue Vulnerability (CNVD-2022-16289)
2022-02-24 00:00:00
github
github
Multiple security issues in Pomerium's embedded envoy
2022-03-01 22:04:17

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON
Related for CVE-2022-21657
nvd1osv3cvelist1prion1redhatcve1cnvd1github1