CVE-2024-7207 - Envoy Header Forgery Vulnerability

2 months ago 31
ARTICLE AD BOX
CVE ID : CVE-2024-7207
Published : Sept. 19, 2024, 11:15 p.m. | 24 minutes ago
Description : A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article