Lucene search
GoogleOSV:CVE-2023-35941HistoryJul 25, 2023 - 6:15 p.m.
CVE-2023-35941
2023-07-2518:15:10
Google
osv.dev
11
envoy
open source
proxy
security
fix
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter’s check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host’s domain configuration.
Related
veracode
veracode
Improper Authorization
2023-07-27 10:25:56
cve
cve
CVE-2023-35941
2023-07-25 18:15:10
osv
osv
BIT-envoy-2023-35941
2024-03-06 10:53:21
nvd
nvd
CVE-2023-35941
2023-07-25 18:15:10
prion
prion
Design/Logic Flaw
2023-07-25 18:15:00
redhatcve
redhatcve
CVE-2023-35941
2023-07-26 16:47:36
cvelist
cvelist
oraclelinux
oraclelinux
olcne security update
2023-09-11 00:00:00
istio security update
2023-09-08 00:00:00
istio security update
2023-09-08 00:00:00
nessus
nessus
Oracle Linux 9 : istio (ELSA-2023-12771)
2023-09-18 00:00:00
Oracle Linux 8 : olcne (ELSA-2023-12772)
2023-09-11 00:00:00
Oracle Linux 8 : istio (ELSA-2023-12780)
2023-09-08 00:00:00
redhat
redhat