CVE-2023-27496

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.26.0 Envoy versions prior to 1.25.3 Envoy versions prior to 1.24.4 Envoy versions prior to 1.23.6 Envoy versions prior to 1.22.9

Description The OAuth filter in Envoy assumes that a state query param is present on any response that looks like an OAuth redirect response. Sending a request with the URI path equivalent to the redirect path, without the state parameter, will lead to abnormal termination of the Envoy process.

Recommendations For versions prior to 1.26.0, update to version 1.26.0 or later. For versions prior to 1.25.3, update to version 1.25.3 or later. For versions prior to 1.24.4, update to version 1.24.4 or later. For versions prior to 1.23.6, update to version 1.23.6 or later. For versions prior to 1.22.9, update to version 1.22.9 or later. As a temporary workaround, consider disabling the OAuth filter or locking down OAuth traffic to minimize the risk of exploitation. Alternatively, filter traffic before it reaches the OAuth filter, for example, via a lua script.