漏洞标题
N/A
漏洞描述信息
Istio 1.5.1 和 Envoy 1.14.1 都存在数据泄漏问题。如果有 TCP 连接(通过 SNI 协商 HTTPS 协议)连接到 *.example.com,则同时配置的域名请求(例如,abc.example.com)会发送到监听在 *.example.com 后面的服务器。结果应该是 421 错误。想象一个共享缓存反向代理,为具有许多用户的大子网使用 HTTP/2 连接。如果受害者正在与 abc.example.com 交互,一个服务器(为 abc.example.com)将 TCP 连接用于反向代理,受害者的浏览器可能会突然开始向 *.example.com 服务器发送敏感数据。这是因为反向代理在受害者和原始服务器之间 reuse 连接(遵循规格),但 Istio 和 Envoy 而是通过发送 421 错误来纠正此问题。同样,这种行为破坏了浏览器在域名之间建立的安全模型。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (for abc.example.com) recycles the TCP connection to the forward proxy, the victim's browser may suddenly start sending sensitive data to a *.example.com server. This occurs because the forward proxy between the victim and the origin server reuses connections (which obeys the specification), but neither Istio nor Envoy corrects this by sending a 421 error. Similarly, this behavior voids the security model browsers have put in place between domains.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Envoy和Istio 信息泄露漏洞
漏洞描述信息
Envoy是一款开源的分布式代理服务器。Istio是一套连接、管理和保护微服务的开放平台。 Istio 1.5.1及之前版本和Envoy 1.14.1及之前版本中存在信息泄露漏洞。攻击者可利用该漏洞获取敏感数据。
CVSS信息
N/A
漏洞类别
信息泄露