Vulnerability CVE-2021-39206

Vulnerability Name:

CVE-2021-39206 (CCN-209010)

Assigned:

2021-09-09

Published:

2021-09-09

Updated:

2021-09-27

Summary:

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium. Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched. This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation.

CVSS v3 Severity:

8.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)
7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-863

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2021-39206

Source: XF
Type: UNKNOWN
pomerium-cve202139206-sec-bypass(209010)

Source: MISC
Type: Third Party Advisory
https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h

Source: MISC
Type: Third Party Advisory
https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9

Source: CCN
Type: Pomerium GIT Repository
Incorrect Authorization with specially crafted requests

Source: CONFIRM
Type: Third Party Advisory
https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm

Source: MISC
Type: Not Applicable
https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ

Vulnerable Configuration:

Configuration 1:

cpe:/a:envoyproxy:envoy:*:*:*:*:*:*:*:* (Version < 1.16.5)

OR cpe:/a:envoyproxy:envoy:*:*:*:*:*:*:*:* (Version >= 1.17.0 and < 1.17.4)

OR cpe:/a:envoyproxy:envoy:*:*:*:*:*:*:*:* (Version >= 1.18.0 and < 1.18.4)

OR cpe:/a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*

OR cpe:/a:pomerium:pomerium:*:*:*:*:*:*:*:* (Version >= 0.11.0 and < 0.14.8)

OR cpe:/a:pomerium:pomerium:0.15.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK