Envoy Gateway Log Injection Vulnerability
Vulnerability
A log injection vulnerability has been identified in Envoy Gateway versions prior to 1.2.7 and 1.3.1. The default access log configuration in these versions is susceptible to log injection attacks. An attacker can exploit this vulnerability by sending a crafted User-Agent header value that performs JSON injection, allowing them to add or overwrite fields in the access log. This could obscure malicious activity by manipulating log entries that are crucial for security analysis.
Impact
Exploitation of this vulnerability allows for log injection, where an attacker can add or modify log entries. This could be used to obscure malicious activities by tampering with log data that is important for security monitoring and analysis.
Remediation
To address this vulnerability, users can update to Envoy Gateway 1.2.7, 1.3.1, or the latest release. Additionally, the default text-based access log format can be replaced with a JSON formatter via the 'EnvoyProxy.spec.telemetry.accessLog' setting, so that header values are serialized as escaped JSON strings rather than substituted verbatim into a text template.
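The following is an added example of the configuration change described above; it is not taken from the advisory or from the Envoy Gateway project. It assumes the EnvoyProxy API field names as documented for gateway.envoyproxy.io/v1alpha1 (spec.telemetry.accessLog.settings[].format with type JSON, and a File sink), and the resource name json-access-log, the namespace envoy-gateway-system, and the GatewayClass name eg are constructed for the example. The format operators (%START_TIME%, %REQ(USER-AGENT)% and so on) are standard Envoy access log operators.

```yaml
# Added example: switch Envoy Gateway's default access log from a text
# template to a JSON formatter. With type JSON, Envoy serializes each field
# as a JSON string, so an untrusted header value (e.g. User-Agent) that
# contains quotes, braces or commas is escaped instead of being spliced
# into the log line as raw text.
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  name: json-access-log            # constructed name for this example
  namespace: envoy-gateway-system  # assumed install namespace
spec:
  telemetry:
    accessLog:
      settings:
        - format:
            type: JSON
            json:
              start_time: "%START_TIME%"
              method: "%REQ(:METHOD)%"
              path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"
              protocol: "%PROTOCOL%"
              response_code: "%RESPONSE_CODE%"
              response_flags: "%RESPONSE_FLAGS%"
              bytes_received: "%BYTES_RECEIVED%"
              bytes_sent: "%BYTES_SENT%"
              duration: "%DURATION%"
              upstream_service_time: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%"
              x_forwarded_for: "%REQ(X-FORWARDED-FOR)%"
              user_agent: "%REQ(USER-AGENT)%"   # untrusted; now JSON-escaped
              request_id: "%REQ(X-REQUEST-ID)%"
              authority: "%REQ(:AUTHORITY)%"
              upstream_host: "%UPSTREAM_HOST%"
          sinks:
            - type: File
              file:
                path: /dev/stdout
---
# The EnvoyProxy resource only takes effect when a GatewayClass references
# it through parametersRef.
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: eg                         # constructed GatewayClass name
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
  parametersRef:
    group: gateway.envoyproxy.io
    kind: EnvoyProxy
    name: json-access-log
    namespace: envoy-gateway-system
```

After applying both resources with kubectl apply, a useful check is to send a request whose User-Agent contains a double quote and a comma, then read the Envoy proxy pod's stdout: each log line should still parse as a single JSON object whose key set matches the fields configured above, with the header value appearing escaped inside the user_agent string. Log ingestion pipelines can enforce the same property by rejecting lines with duplicate or unexpected keys.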