Mkauf

**Name of the Vulnerable Software and Affected Versions** Envoy versions prior to 1.26.0 Envoy versions prior to 1.25.3 Envoy versions prior to 1.24.4 Envoy versions prior to 1.23.6 Envoy versions prior to 1.22.9 **Description** The issue is related to insufficient input validation when processing the `x-envoy-original-path` header, allowing attackers to bypass JSON Web Token (JWT) checks and forge fake original paths. This can lead to unauthorized access to protected information. The `x-envoy-original-path` header should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt authn` checks if the `jwt authn` filter is used. **Recommendations** For versions prior to 1.26.0, update to version 1.26.0 or later. For versions prior to 1.25.3, update to version 1.25.3 or later. For versions prior to 1.24.4, update to version 1.24.4 or later. For versions prior to 1.23.6, update to version 1.23.6 or later. For versions prior to 1.22.9, update to version 1.22.9 or later. As a temporary workaround, consider restricting the use of the `x-envoy-original-path` header to minimize the risk of exploitation.