CWE: 346

CVE-2020-15104: TLS Validation Vulnerability in Envoy

First published: Tue Jul 14 2020

In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0, when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name (SAN) to apply to multiple levels of subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly accept nested.subdomain.example.com, when it should only accept subdomain.example.com. This defect applies both to validating a client TLS certificate in mTLS and to validating a server TLS certificate for upstream connections.

This vulnerability is only applicable where an untrusted entity can obtain a signed wildcard TLS certificate for a domain of which you intend to trust only a subdomain: for example, if you intend to trust api.mysubdomain.example.com, and an untrusted actor can obtain a signed TLS certificate for *.example.com or *.com. Configurations are vulnerable if they use verify_subject_alt_name in any Envoy version, or if they use match_subject_alt_names in version 1.14 or later. This issue has been fixed in Envoy versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0.
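How a correct single-label wildcard SAN check behaves on the names from this advisory, as an added Python example that is not Envoy's code (Envoy's matcher is C++): the function names and the rule that at least two literal labels must follow the wildcard are this example's own choices.

```python
"""Single-label wildcard dNSName matching as RFC 6125 section 6.4.3 expects.

Added illustration, not Envoy code. The names below are constructed from the
advisory text to show the behaviour the fixed versions implement.
"""
from typing import Iterable, List


def _labels(name: str) -> List[str]:
    # DNS names are case-insensitive and a trailing dot is not significant.
    return name.rstrip(".").lower().split(".")


def wildcard_san_matches(san: str, hostname: str, min_suffix_labels: int = 2) -> bool:
    """Return True if the dNSName SAN `san` covers `hostname`.

    * A wildcard is honoured only as the complete left-most label ("*.example.com").
    * It stands in for exactly one label, so "*.example.com" covers
      "subdomain.example.com" but NOT "nested.subdomain.example.com"
      (accepting the latter is the CVE-2020-15104 defect).
    * At least `min_suffix_labels` literal labels must follow the wildcard,
      so a certificate for "*.com" is never treated as matching anything.
    * Non-wildcard SANs must match label by label, case-insensitively.
    """
    san_labels, host_labels = _labels(san), _labels(hostname)
    if "" in san_labels or "" in host_labels:  # empty name or "a..b"
        return False
    if "*" not in san:
        return san_labels == host_labels
    if san_labels[0] != "*" or any("*" in lbl for lbl in san_labels[1:]):
        return False  # "a*.example.com" and "a.*.example.com" never match
    suffix = san_labels[1:]
    if len(suffix) < min_suffix_labels:
        return False
    # Exactly one label is consumed by the wildcard.
    if len(host_labels) != len(suffix) + 1:
        return False
    return host_labels[1:] == suffix


def covered_trusted_names(cert_sans: Iterable[str], trusted: Iterable[str]) -> List[str]:
    """Which of the names we intend to trust does this certificate's SAN list cover?

    Mirrors the verify_subject_alt_name style of check described in the advisory:
    a cert presenting only "*.example.com" must not be accepted for
    "api.mysubdomain.example.com".
    """
    sans = list(cert_sans)
    return [name for name in trusted if any(wildcard_san_matches(s, name) for s in sans)]
```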

Credit: security-advisories@github.com

Affected Software    Affected Version      How to fix
Envoyproxy Envoy     <1.12.6               Upgrade to 1.12.6
Envoyproxy Envoy     >=1.13.0, <1.13.4     Upgrade to 1.13.4
Envoyproxy Envoy     >=1.14.0, <1.14.4     Upgrade to 1.14.4


Frequently Asked Questions

  • What is CVE-2020-15104?

    CVE-2020-15104 is a vulnerability in Envoy that allows a wildcard DNS Subject Alternative Name to apply to multiple subdomains.

  • Which versions of Envoy are affected by CVE-2020-15104?

    Envoy versions before 1.12.6, 1.13.4, 1.14.4, and 1.15.0 are affected by CVE-2020-15104.

  • How does CVE-2020-15104 impact TLS certificate validation in Envoy?

    CVE-2020-15104 allows a wildcard DNS Subject Alternative Name to be incorrectly applied to multiple subdomains during TLS certificate validation in Envoy.

  • What is the severity of CVE-2020-15104?

    CVE-2020-15104 has a severity rating of medium, with a CVSS score of 5.4.

  • How can I fix CVE-2020-15104?

    To fix CVE-2020-15104, update Envoy to versions 1.12.6, 1.13.4, 1.14.4, or 1.15.0.
