Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-02-09T22:48:26.889Z
Updated: 2024-08-19T16:12:49.967Z
Reserved: 2024-01-15T15:19:19.439Z
Link: CVE-2024-23324
Vulnrichment
Updated: 2024-08-01T22:59:32.308Z
NVD
Status : Modified
Published: 2024-02-09T23:15:09.223
Modified: 2024-11-21T08:57:30.563
Link: CVE-2024-23324
Redhat