CVE-2020-25017

High

8.3/10

Summary

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

References

Advisory Timeline

Published Oct 01, 2020

CVE-2020-25017

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS