CVE-2022-21654

{"id": "CVE-2022-21654", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2022-02-22T23:15:11.103", "references": [{"url": "https://github.com/envoyproxy/envoy/commit/e9f936d85dc1edc34fabd0a1725ec180f2316353", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade."}, {"lang": "es", "value": "Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. El tls de Envoy permite la reutilizaci\u00f3n cuando algunos ajustes de validaci\u00f3n de cert han cambiado de su configuraci\u00f3n por defecto. La \u00fanica medida de mitigaci\u00f3n para este problema es asegurarse de que es usada la configuraci\u00f3n tls por defecto. Es recomendado a usuarios actualizar"}], "lastModified": "2022-03-03T18:11:35.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62EFF3F2-C20D-497C-ADEC-9FF2FD141466", "versionEndExcluding": "1.18.6", "versionStartIncluding": "1.7.0"}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2812AC62-44B5-4077-862D-A221CD88981D", "versionEndExcluding": "1.19.3", "versionStartIncluding": "1.19.0"}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8", "versionEndExcluding": "1.20.2", "versionStartIncluding": "1.20.0"}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83895D03-DAD1-4893-8A1C-F9143DEEC172", "versionEndExcluding": "1.21.1", "versionStartIncluding": "1.21.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}