Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.
History

Tue, 08 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat service Mesh
CPEs cpe:/a:redhat:service_mesh:2.5::el8
Vendors & Products Redhat
Redhat service Mesh

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-04T20:05:48.230Z

Updated: 2024-08-01T22:59:32.189Z

Reserved: 2024-01-15T15:19:19.441Z

Link: CVE-2024-23326

cve-icon Vulnrichment

Updated: 2024-08-01T22:59:32.189Z

cve-icon NVD

Status : Modified

Published: 2024-06-04T21:15:33.440

Modified: 2024-11-21T08:57:30.870

Link: CVE-2024-23326

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-06-04T00:00:00Z

Links: CVE-2024-23326 - Bugzilla