ISTIO-SECURITY-2024-001

CVEs reported by Envoy.

Feb 9, 2024

Disclosure Details
CVE(s): CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327
CVSS Impact Score: 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected Releases: All releases prior to 1.19.0; 1.19.0 to 1.19.6; 1.20.0 to 1.20.2

CVE

Envoy CVEs

Note: At the time of publishing, the security advisories listed below have not yet been published, but they should be published shortly.

Am I Impacted?

The majority of the exploitable behavior is related to the use of PROXY protocol, which is primarily used in gateway scenarios. If you or your users have PROXY protocol enabled, either via an EnvoyFilter or via proxy config annotations, there is potential exposure.

Separately from PROXY protocol, any configuration that uses the %DOWNSTREAM_PEER_IP_SAN% command operator in access logs is also potentially exposed.
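The two exposure conditions above can be audited mechanically. The following script is an added example (not part of the advisory or of Istio itself) that scans resources in the shape of `kubectl get ... -o json` output for an injected `envoy.filters.listener.proxy_protocol` listener filter, a `proxy.istio.io/config` annotation enabling `gatewayTopology.proxyProtocol`, and the `%DOWNSTREAM_PEER_IP_SAN%` operator in any access-log format. The sample resources are constructed; the substring match on the annotation is a deliberate over-approximation.

```python
from typing import Any, Iterator

PROXY_PROTOCOL_FILTER = "envoy.filters.listener.proxy_protocol"
PEER_IP_SAN_OPERATOR = "%DOWNSTREAM_PEER_IP_SAN%"


def walk(node: Any) -> Iterator[Any]:
    """Yield every value reachable from a parsed JSON document (depth-first)."""
    yield node
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else ()
    for child in children:
        yield from walk(child)


def audit(envoyfilters: list, workloads: list, mesh_config: dict) -> list:
    """Return one finding string per configuration that matches an exposure condition."""
    found = []
    for ef in envoyfilters:
        ident = f"EnvoyFilter {ef['metadata']['namespace']}/{ef['metadata']['name']}"
        strings = [n for n in walk(ef.get("spec", {})) if isinstance(n, str)]
        if PROXY_PROTOCOL_FILTER in strings:  # listener filter injected by a patch
            found.append(f"{ident}: enables PROXY protocol")
        if any(PEER_IP_SAN_OPERATOR in s for s in strings):  # custom access-log format
            found.append(f"{ident}: access log uses {PEER_IP_SAN_OPERATOR}")
    for wl in workloads:
        # proxy.istio.io/config carries a YAML ProxyConfig; matching the key as a substring
        # avoids a YAML dependency and errs on the side of reporting (assumption: key name).
        ann = wl["metadata"].get("annotations", {}).get("proxy.istio.io/config", "")
        if "proxyProtocol" in ann:
            found.append(f"Workload {wl['metadata']['name']}: proxy config enables PROXY protocol")
    if PEER_IP_SAN_OPERATOR in mesh_config.get("accessLogFormat", ""):
        found.append(f"meshConfig.accessLogFormat uses {PEER_IP_SAN_OPERATOR}")
    return found


# Constructed sample resources (shape of `kubectl get ... -o json` items), not from a real cluster.
SAMPLE_ENVOYFILTERS = [
    {"metadata": {"name": "proxy-protocol", "namespace": "istio-system"},
     "spec": {"configPatches": [{"applyTo": "LISTENER_FILTER",
                                 "patch": {"operation": "INSERT_FIRST", "value": {"name": PROXY_PROTOCOL_FILTER}}}]}},
    {"metadata": {"name": "add-header", "namespace": "default"},
     "spec": {"configPatches": [{"applyTo": "HTTP_FILTER", "patch": {"operation": "MERGE", "value": {}}}]}},
]
SAMPLE_WORKLOADS = [
    {"metadata": {"name": "ingressgateway",
                  "annotations": {"proxy.istio.io/config": "gatewayTopology:\n  proxyProtocol: {}\n"}}},
    {"metadata": {"name": "sleep", "annotations": {}}},
]
SAMPLE_MESH_CONFIG = {"accessLogFormat": "[%START_TIME%] %DOWNSTREAM_PEER_IP_SAN% %REQ(:AUTHORITY)%\n"}
```

Against a live cluster, feed `audit()` the `items` arrays from `kubectl get envoyfilters -A -o json` and `kubectl get pods -A -o json`, plus the parsed `mesh` entry of the `istio` ConfigMap; an empty result means neither condition named in the advisory was found.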