Vulnerabilities > CVE-2020-35470 - Unspecified vulnerability in Envoyproxy Envoy
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH low complexity
envoyproxy
Summary
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
Vulnerable Configurations
References
- https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1
- https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1
- https://github.com/envoyproxy/envoy/issues/14087
- https://github.com/envoyproxy/envoy/issues/14087
- https://github.com/envoyproxy/envoy/pull/14131
- https://github.com/envoyproxy/envoy/pull/14131