CVE-2020-35470

Sažetak

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).

Reference

https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1
https://github.com/envoyproxy/envoy/issues/14087
https://github.com/envoyproxy/envoy/pull/14131

CVSS

Base:	5.8
Impact:	6.4
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:A/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-12-2020 - 17:22

Objavljeno

15-12-2020 - 01:15