CVE-2024-7207

CVSS V2: None
CVSS V3: None
Description
A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487.
Overview
  • CVE ID: CVE-2024-7207
  • Assigner: redhat
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-09-19T22:17:51.582Z
  • Last Modified Date: 2024-09-19T22:17:51.582Z
History
Created Old Value New Value Data Type Notes
2024-10-06 05:19:41 Added to TrackCVE