Description

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).

Remediation

References

CVE-2020-35470

Related Vulnerabilities

MediaWiki Unquoted Search Path or Element Vulnerability (CVE-2021-31553)

Magento Cryptographic Issues Vulnerability (CVE-2019-7860)

MySQL CVE-2021-35634 Vulnerability (CVE-2021-35634)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7872)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-2050)

Severity

High

Classification

CVE-2020-35470 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities