Vulnerability Information
Vulnerability Title
Incorrect configuration handling allows TLS session re-use without re-validation in Envoy
Vulnerability Description
Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's TLS allows session re-use when some certificate validation settings have been changed from their default configuration. The only workaround for this issue is to ensure that default TLS settings are used. Users are advised to upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Improper Certificate Validation
Vulnerability Title
Envoy Trust Management Issue Vulnerability
Vulnerability Description
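Envoy is an open source distributed proxy server. Envoy has a trust management issue vulnerability, which stems from Envoy's TLS allowing re-use after some certificate validation settings have been changed from their default configuration.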
CVSS Information
N/A
Vulnerability Type
N/A