{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy\u2019s setCopy() header map API does not replace all existing occurences of a non-inline header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-01T16:39:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25017", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy\u2019s setCopy() header map API does not replace all existing occurences of a non-inline header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://groups.google.com/forum/#!forum/envoy-security-announce", "refsource": "MISC", "url": "https://groups.google.com/forum/#!forum/envoy-security-announce"}, {"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w", "refsource": "MISC", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:26:09.196Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25017", "datePublished": "2020-10-01T16:39:40", "dateReserved": "2020-08-29T00:00:00", "dateUpdated": "2024-08-04T15:26:09.196Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "F453FD36-FC1A-402A-9710-411CDCAA7267", "versionEndExcluding": "1.12.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "03F35E43-8693-4A3F-BBCD-BF71498D5607", "versionEndExcluding": "1.13.4", "versionStartIncluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "B80A633C-5843-4229-A733-30C7B366AC57", "versionEndExcluding": "1.14.4", "versionStartIncluding": "1.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "67FC80BB-FF91-4A5C-987E-CC5902586F44", "versionEndExcluding": "1.15.1", "versionStartIncluding": "1.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy\u2019s setCopy() header map API does not replace all existing occurences of a non-inline header."}, {"lang": "es", "value": "Envoy versiones hasta 1.15.0, solo considera el primer valor cuando m\u00faltiples valores de encabezado est\u00e1n presentes para algunos encabezados HTTP. La API de mapa de encabezado de la funci\u00f3n setCopy() de Envoy no reemplaza todas las ocurrencias existentes de un encabezado no en l\u00ednea"}], "id": "CVE-2020-25017", "lastModified": "2024-11-21T05:16:31.453", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-01T17:15:13.337", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w"}, {"source": "cve@mitre.org", "url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Envoy security team for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:4129", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "package": "servicemesh-proxy-0:1.1.9-1.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2020-09-30T00:00:00Z"}], "bugzilla": {"description": "envoyproxy/envoy: incorrectly handles multiple HTTP headers in requests", "id": "1877613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877613"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-284", "details": ["Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy\u2019s setCopy() header map API does not replace all existing occurences of a non-inline header.", "An incorrect access control bypass vulnerability was found in envoy proxy/envoy. This flaw allows an attacker to send multiple HTTP headers where only the first one is valid. Envoy then forwards all of the headers as valid to the upstream component. This issue allows an attacker to subvert any envoy filters or rules, causing an inconsistency between envoy and the upstream component, potentially gaining access to restricted resources."], "name": "CVE-2020-25017", "public_date": "2020-09-29T19:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-25017\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25017\nhttps://istio.io/latest/news/security/istio-security-2020-010/"], "threat_severity": "Moderate"}