How severe is CVE-2021-29492?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2021-29492?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2021-29492

HIGH Year: 2021

CVSS v3 Score

8.3

High

CVSS v2 Score

7.5

High

Weakness Type

CWE-22

View all →

Vulnerability Description

Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g. a block on `/admin`. A backend server could then decode slash sequences and normalize path and provide an attacker access beyond the scope provided for by the access control policy. ### Impact Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret `%2F` and `/` and `%5C` and `\` interchangeably are impacted. ### Attack Vector URL paths containing escaped slash characters delivered by untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat `%2F` and `/` and `%5C` and `\` interchangeably and a URL path based access control is configured, one may reconfigure the back end server to not treat `%2F` and `/` and `%5C` and `\` interchangeably.

CVE-2021-27275

HIGH

CVSS:8.3(High)

This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authen...

CWE-222021

CVE-2023-42130

HIGH

CVSS:8.3(High)

A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability. This vulnerability allows remote attackers to read and delete arbitrary files on affected installatio...

CWE-222023

CVE-2023-46496

HIGH

CVSS:8.3(High)

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoi...

CWE-222023

CVE-2024-21677

HIGH

CVSS:8.3(High)

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attac...

CWE-222024

CVE-2024-23468

HIGH

CVSS:8.3(High)

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file dele...

CWE-222024

CVE-2024-27971

HIGH

CVSS:8.3(High)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects...

CWE-222024

CVE-2021-29492

Vulnerability Description

Related Vulnerabilities

CVE-2021-27275

CVE-2023-42130

CVE-2023-46496

CVE-2024-21677

CVE-2024-23468

CVE-2024-27971