CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
98.4%
Envoy and Go HTTP/2 protocol stack is vulnerable to the “Rapid Reset” class of exploits, which send a sequence of HEADERS frames optionally followed by RST_STREAM frames.
This can be exercised if you use the builtin gateway and receive untrusted http2 traffic.
https://github.com/kumahq/kuma/pull/8023
https://github.com/kumahq/kuma/pull/8001
https://github.com/kumahq/kuma/pull/8034
Disable http2 on the gateway listener with a MeshProxyPatch or ProxyTemplate.
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/golang/go/issues/63417
https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/?sf269548684=1
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge
cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
github.com/advisories/GHSA-qppj-fm5r-hxr3
github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76
github.com/golang/go/issues/63417
github.com/kumahq/kuma
github.com/kumahq/kuma/pull/8001
github.com/kumahq/kuma/pull/8023
github.com/kumahq/kuma/pull/8034
github.com/kumahq/kuma/security/advisories/GHSA-9wmc-rg4h-28wv
www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge
www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/?sf269548684=1