x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27496 #1695

GoVulnBot · 2023-04-04T21:01:12Z

CVE-2023-27496 references github.com/envoyproxy/envoy, which may be a Go module.

Description:
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a state query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the state parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).

References:

Cross references:

Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43824 #330 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43825 #331 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43826 #332 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21654 #333 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21655 #334 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21656 #335 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21657 #336 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-23606 #337 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29224 #484 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29225 #485 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29226 #486 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29227 #487 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29228 #488 NOT_GO_CODE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/envoyproxy/envoy
    packages:
      - package: envoy
description: |
    Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).
cves:
  - CVE-2023-27496
references:
  - advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-04-05T17:04:37Z

Change https://go.dev/cl/482615 mentions this issue: data/excluded: batch add GO-2023-1701, GO-2023-1700, GO-2023-1699, GO-2023-1687, GO-2023-1685, GO-2023-1695, GO-2023-1694, GO-2023-1693, GO-2023-1692, GO-2023-1691, GO-2023-1690

tatianab self-assigned this Apr 5, 2023

tatianab added the excluded: NOT_GO_CODE This vulnerability does not refer to a Go module. label Apr 5, 2023

gopherbot closed this as completed in c15712e Apr 5, 2023

This was referenced Jul 13, 2023

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35945 #1917

Closed

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: GHSA-2wmf-p7f8-w42h #1921

Closed

GoVulnBot mentioned this issue Oct 10, 2023

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-44487 #2106

Closed

This was referenced Apr 10, 2024

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-27919 #2710

Closed

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-30255 #2713

Closed

GoVulnBot mentioned this issue Apr 18, 2024

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32475 #2735

Closed

GoVulnBot mentioned this issue Jul 1, 2024

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-39305 #2960

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27496 #1695

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27496 #1695

GoVulnBot commented Apr 4, 2023

gopherbot commented Apr 5, 2023

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27496 #1695

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27496 #1695

Comments

GoVulnBot commented Apr 4, 2023

gopherbot commented Apr 5, 2023