CVE-2023-27488
CVSS V2 None
CVSS V3 None
Description
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests. As of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`.
Overview
- CVE ID
- CVE-2023-27488
- Assigner
- security-advisories@github.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-04-04T18:15:07
- Last Modified Date
- 2023-04-11T14:42:21
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:* | 1 | OR | 1.22.9 | |
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:* | 1 | OR | 1.23.0 | 1.23.6 |
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:* | 1 | OR | 1.24.0 | 1.24.4 |
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:* | 1 | OR | 1.25.0 | 1.25.3 |
References
Reference URL | Reference Tags |
---|---|
https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph | Exploit Mitigation Vendor Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-27488 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27488 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-17 04:07:58 | Added to TrackCVE | |||
2023-04-17 04:08:01 | Weakness Enumeration | new |