Description

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.

Remediation

References

CVE-2023-35941

Related Vulnerabilities

WordPress Plugin Cool Video Gallery Command Injection (1.9)

WordPress Plugin Crowd Ideas Cross-Site Scripting (1.0)

PHP Other Vulnerability (CVE-2015-2787)

Ampache Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-3929)

WordPress Plugin Contact Form 7 Datepicker Cross-Site Scripting (2.6.0)

Severity

Critical

Classification

CVE-2023-35941 CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities