Vulnerability Details : CVE-2021-39206
Pomerium is an open source identity-aware access proxy. Envoy, on which Pomerium is built, contains two authorization-related vulnerabilities, CVE-2021-32777 and CVE-2021-32779, that can lead to incorrect routing or authorization policy decisions. With specially crafted requests, Pomerium may therefore make incorrect authorization or routing decisions. Pomerium v0.14.8 and v0.15.1 ship an upgraded Envoy binary with these vulnerabilities patched. The issue can only be triggered when path-prefix-based policy is in use; removing any such policies should provide mitigation.
Products affected by CVE-2021-39206
- cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
- cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:*
- cpe:2.3:a:pomerium:pomerium:0.15.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-39206
- EPSS score: 0.20% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~57% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-39206
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N | 3.9 | 4.0 | NIST | |
8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 3.9 | 4.0 | GitHub, Inc. | |
CWE ids for CVE-2021-39206
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. (Assigned by: security-advisories@github.com, Primary)
References for CVE-2021-39206
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h
  Incorrect concatenation of multiple value request headers in ext-authz extension · Advisory · envoyproxy/envoy · GitHub (Third Party Advisory)
- https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ
  Security releases of Envoy 1.19.1, 1.18.4, 1.17.4, and 1.16.5 are now available (Not Applicable)
- https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm
  Incorrect Authorization with specially crafted requests · Advisory · pomerium/pomerium · GitHub (Third Party Advisory)
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9
  Incorrectly handling of URI '#fragment' element as part of the path element · Advisory · envoyproxy/envoy · GitHub (Third Party Advisory)