Description

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.

Remediation

References

CVE-2023-35941

Related Vulnerabilities

WordPress Plugin Fancy Gallery Cross-Site Scripting (1.5.12)

Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10073)

IBM WebSEAL Other Vulnerability (CVE-2019-4552)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.19)

WordPress Plugin Multilanguage by BestWebSoft Cross-Site Scripting (1.2.1)

Severity

Critical

Classification

CVE-2023-35941 CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities