Multiple vulnerabilities in CNCF Envoy

1) Improper access control

EUVDB-ID: #VU25838

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-8664

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions when using SDS with Combined Validation Context. A remote attacker can use the same secret (e.g. trusted CA) across many resources together with the combined validation context and gain unauthorized access to the affected application

Mitigation

Install update from vendor's website.

Vulnerable software versions

envoy: 1.0.0 - 1.13.0

Fixed software versions

CPE2.3

• cpe:2.3:a:cncf:envoy:1.13.0:*:*:*:*:*:*:*

External links

http://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8
http://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Resource exhaustion

EUVDB-ID: #VU25837

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-8661

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the affected software consumes excessive amounts of memory when responding internally to pipelined requests. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

envoy: 1.0.0 - 1.13.0

Fixed software versions

CPE2.3

• cpe:2.3:a:cncf:envoy:1.13.0:*:*:*:*:*:*:*

External links

http://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7
http://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Improper access control

EUVDB-ID: #VU25836

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-8660

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to bypass TLS inspector.

The vulnerability exists due to the TLS extensions (SNI, ALPN) are not inspected, those connections might been matched to a wrong filter chain. A remote attacker can bypass implemented security restrictions in the process and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

envoy: 1.0.0 - 1.13.0

Fixed software versions

CPE2.3

• cpe:2.3:a:cncf:envoy:1.13.0:*:*:*:*:*:*:*

External links

http://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx
http://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Resource exhaustion

EUVDB-ID: #VU25835

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-8659

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the affected software consumes excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

envoy: 1.0.0 - 1.13.0

Fixed software versions

CPE2.3

• cpe:2.3:a:cncf:envoy:1.13.0:*:*:*:*:*:*:*

External links

http://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv
http://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?