CVE-2020-25017
envoyproxy/envoy: incorrectly handles multiple HTTP headers in requests
Descriptions
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy's setCopy() header map API does not replace all existing occurrences of a non-inline header.
An incorrect access control bypass vulnerability was found in envoyproxy/envoy. This flaw allows an attacker to send multiple HTTP headers where only the first one is valid. Envoy then forwards all of the headers as valid to the upstream component. This issue allows an attacker to subvert any Envoy filters or rules, causing an inconsistency between Envoy and the upstream component, potentially gaining access to restricted resources.
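The setCopy() behaviour described above, modelled in C++ as an added example (this is an illustration, not Envoy's own HeaderMap code): a filter overwrites a header, but with the vulnerable semantics only the first occurrence changes, so a duplicate the filter never validated still reaches the upstream. The header name and values are constructed for the example.

```cpp
#include <algorithm>
#include <string>
#include <utility>
#include <vector>

// Minimal model of a non-inline header map: an ordered list of (name, value)
// pairs, so a header name may legitimately appear more than once.
struct HeaderMap {
    std::vector<std::pair<std::string, std::string>> entries;

    void add(const std::string& name, const std::string& value) {
        entries.emplace_back(name, value);
    }

    // Vulnerable semantics, as the CVE description states: only the first
    // occurrence of `name` is overwritten; later duplicates survive untouched.
    void setCopyVulnerable(const std::string& name, const std::string& value) {
        for (auto& e : entries) {
            if (e.first == name) { e.second = value; return; }
        }
        add(name, value);
    }

    // Fixed semantics: every occurrence is dropped, then exactly one value is set,
    // so the filter's decision is the only value the upstream can observe.
    void setCopyFixed(const std::string& name, const std::string& value) {
        entries.erase(std::remove_if(entries.begin(), entries.end(),
            [&](const std::pair<std::string, std::string>& e) { return e.first == name; }),
            entries.end());
        add(name, value);
    }

    // All values of `name` in wire order, i.e. what is forwarded upstream.
    std::vector<std::string> getAll(const std::string& name) const {
        std::vector<std::string> out;
        for (const auto& e : entries) if (e.first == name) out.push_back(e.second);
        return out;
    }
};

// Constructed request carrying a duplicate "x-user-role" header; a filter then
// normalises the header to "guest". Returns what the upstream would receive.
std::vector<std::string> valuesForwarded(bool useFixedSetCopy) {
    HeaderMap req;
    req.add("x-user-role", "guest");
    req.add("x-user-role", "admin");  // constructed duplicate the filter never sees
    if (useFixedSetCopy) req.setCopyFixed("x-user-role", "guest");
    else req.setCopyVulnerable("x-user-role", "guest");
    return req.getAll("x-user-role");
}
```

With the vulnerable semantics two values are forwarded ("guest", "admin"); with the fixed semantics only the single value the filter set remains, which is the consistency the fix restores.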
Timeline
- 2020-08-29 CVE Reserved
- 2020-09-30 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
CWE
- CWE-284: Improper Access Control
References (4)
URL | Date | Tag
---|---|---
https://groups.google.com/forum/#%21forum/envoy-security-announce | | X_refsource_misc
https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w | 2024-08-04 |
https://access.redhat.com/security/cve/CVE-2020-25017 | 2020-09-30 |
https://bugzilla.redhat.com/show_bug.cgi?id=1877613 | 2020-09-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Envoyproxy | Envoy | < 1.12.7 | Affected
Envoyproxy | Envoy | >= 1.13.0 < 1.13.4 | Affected
Envoyproxy | Envoy | >= 1.14.0 < 1.14.4 | Affected
Envoyproxy | Envoy | >= 1.15.0 < 1.15.1 | Affected