Data Leak Vulnerability in Istio and Envoy from Google
CVE-2020-11767

3.1 LOW

Key Information:

Vendor: Istio

CVE Published: 15 April 2020

What is CVE-2020-11767?

Istio versions up to 1.5.1 and Envoy versions up to 1.14.1 are susceptible to a data leak issue in the handling of TCP connections. When a connection has been established to a wildcard domain (e.g., *.example.com) and a request is then made to a specific subdomain (e.g., abc.example.com), the request, and any sensitive data it carries, may be sent to an unintended server. This happens because shared caching forward proxies reuse the existing connection without enforcing the expected checks, which can expose confidential information. The leak is made worse by the absence of a 421 Misdirected Request response from the above products, so they do not follow the connection-reuse security model that web browsers apply.
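As an added illustration of the connection-reuse problem described above (this is not Istio's or Envoy's code): a leaky proxy policy reuses any upstream TLS connection whose certificate merely covers the requested host, so a request for abc.example.com rides the connection already opened to the *.example.com server; the safe policy reuses only connections opened to the upstream that host actually routes to, and an origin that is not configured for a host answers 421 instead of processing the request. The upstream names, route table and certificate names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Upstream:
    name: str        # upstream the connection was opened to
    sni: str         # hostname used when the TLS connection was established
    cert_sans: tuple # DNS names in the certificate the upstream presented

def cert_covers(san: str, host: str) -> bool:
    """RFC 6125-style match: exact name, or one leftmost '*' covering exactly one label."""
    san, host = san.lower(), host.lower()
    if san == host:
        return True
    if san.startswith("*.") and "*" not in san[2:]:
        labels = host.split(".")
        return len(labels) > 2 and ".".join(labels[1:]) == san[2:]
    return False

def most_specific_route(routes: dict, authority: str) -> str:
    """Route table lookup: an exact host entry wins over a wildcard entry."""
    if authority in routes:
        return routes[authority]
    for pattern, target in routes.items():
        if cert_covers(pattern, authority):
            return target
    raise LookupError(authority)

def pick_connection_vulnerable(pool, routes, authority):
    """Leaky policy: reuse any live connection whose certificate happens to cover the host."""
    for conn in pool:
        if any(cert_covers(s, authority) for s in conn.cert_sans):
            return conn.name
    return "new:" + most_specific_route(routes, authority)

def pick_connection_fixed(pool, routes, authority):
    """Safe policy: reuse only a connection opened to the upstream this host routes to."""
    target = most_specific_route(routes, authority)
    for conn in pool:
        if conn.name == target:
            return conn.name
    return "new:" + target

def origin_status(configured_hosts, authority):
    """Origin side of the browser model: 421 Misdirected Request when not authoritative."""
    return 200 if any(cert_covers(h, authority) for h in configured_hosts) else 421

# Constructed sample: one idle connection to the wildcard upstream, abc routed elsewhere.
POOL = [Upstream("wildcard-svc", "foo.example.com", ("*.example.com",))]
ROUTES = {"*.example.com": "wildcard-svc", "abc.example.com": "abc-svc"}
```

With this sample, the leaky policy returns `wildcard-svc` for abc.example.com while the safe policy opens a new connection to `abc-svc`, and an origin configured only for foo/bar.example.com returns 421 for abc.example.com even though its wildcard certificate covers that name.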

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved