Rikatz

**Name of the Vulnerable Software and Affected Versions** Envoy Gateway versions prior to 1.5.7 Envoy Gateway versions prior to 1.6.2 **Description** Envoy Gateway is an open source project for managing Envoy Proxy. EnvoyExtensionPolicy Lua scripts executed by the proxy can be used to leak the proxy's credentials. These credentials can then be used to communicate with the control plane and gain access to secrets used by Envoy proxy, such as TLS private keys and credentials used for upstream and downstream communication. **Recommendations** Update Envoy Gateway to version 1.5.7 or later. Update Envoy Gateway to version 1.6.2 or later.