Envoy Proxy Vulnerability Allows Header Manipulation and Request Forgery
CVE-2024-7207
9.8 CRITICAL
Summary
The vulnerability identified has been marked as a duplicate of CVE-2024-45806, suggesting a redundancy in reporting. However, it is critical to monitor and address any existing weaknesses in Envoy Proxy that may arise from overlapping vulnerabilities. Users and system administrators should stay informed about security advisories from the Envoy Project to ensure all systems running Envoy are updated and compliant with the latest security practices.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by James Force (Red Hat) and Mike Whale.