Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1, the OAuth filter implementation does not include a mechanism for validating access tokens, so by design a full authentication flow should be triggered whenever the HMAC-signed cookie is missing. However, the affected implementation assumes that access tokens have always been validated, and therefore allows access whenever any access token is attached to the request. Users are advised to upgrade. There is no known workaround for this issue.
{ "vanir_signatures": [ { "id": "CVE-2022-29226-04a945dc", "signature_type": "Function", "digest": { "function_hash": "281662523617297640788249264827131705532", "length": 1264.0 }, "target": { "file": "test/extensions/filters/http/oauth2/filter_test.cc", "function": "TEST_F" }, "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2022-29226-32a81910", "signature_type": "Function", "digest": { "function_hash": "30694628199236083584405138574444831859", "length": 1229.0 }, "target": { "file": "test/extensions/filters/http/oauth2/filter_test.cc", "function": "TEST_F" }, "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2022-29226-48561b9a", "signature_type": "Function", "digest": { "function_hash": "107063674767337311410803185731527149389", "length": 4034.0 }, "target": { "file": "source/extensions/filters/http/oauth2/filter.cc", "function": "OAuth2Filter::decodeHeaders" }, "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2022-29226-48f3c9ae", "signature_type": "Function", "digest": { "function_hash": "63323507015868996184598130250001180619", "length": 3262.0 }, "target": { "file": "test/extensions/filters/http/oauth2/filter_test.cc", "function": "TEST_F" }, "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2022-29226-742ac38b", "signature_type": "Line", "digest": { "line_hashes": [ "85580495078750826845986403220209635056", "23337217241157879949329712413652038723", "191300350526761852934782361974191559163", "315028143150369532376696270162989127583", "132269384803882017490572198599306049377", "322267520266479450503699519429553318488", 
"295136774775542926986633558227256803423", "254425675125351690594492109879258981358", "113920883049328930845046062023487774059", "301194913900238185281925303180450038236", "225100223419765302780108794237149044419", "250933996995780249469905620341751484210", "326384460812286393441354676077149637476", "98664864771136338123795149849698611272", "99265099051273177995248239819024985765", "15850407345126503174457384514009888988", "64301620371066190330767691235541887608", "101544380686600054697794715012340998906", "298090201871478729395873864314259345442", "60984917449165475343754437168663033704", "150410680655658484965609276376542905411", "321288359046030265303546296756798780852", "73633463984885241636806968810154066294", "79089754834425008187178291874090076662", "300735458596473594683340097055749874181", "165421817207268233218033646166466656619", "198367711042155228320333088241979989002", "197987423859686298583063733395614126524", "319558673088152469645082516692807649136", "189497545493467225525892367698053237104", "67339951770127774762180801235142723066", "335675511587551494264608974413237385673", "63122246280500896293316635525903781110", "210588018805491225901857807614105920913", "199495733835576702166681320567076949387", "129545169478029661504230570012863376870", "56122413908009114796406099652828430228", "170779409723420582053769018208495586607", "85566560181802148996842108946068367881", "337624513661120381863401345986210953058", "72347097596827118475758451578834087389", "146741898456563328353228294051777255212", "151327045345838635537303454791355489923", "329347305659308113464971805773913090019", "292707910775829801691086955726180534508", "64625478551471261564390935855750676855", "83390000167642027545086979086061750240", "283561862751377930169666837196274164129", "230093417998384039385824707792193907126", "160012557569594140109230669363602019332" ], "threshold": 0.9 }, "target": { "file": "source/extensions/filters/http/oauth2/filter.cc" }, "source": 
"https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2022-29226-87c6e533", "signature_type": "Line", "digest": { "line_hashes": [ "231804230015694883762809339314323296072", "154793411837694529060072902745758774335", "206930936021972260509295173196585432844", "236548260124891966210735489041999385334", "184843672028100999239940826121065667102", "195413548978333799732535030867194705404", "144398712137106717169468623095947869252", "333294043893860548072904992207035870228", "64263328378024856389278474680844405582", "217226038499597817491117934124959121310", "273853632015243368563719534415889201095", "175851554334843763519643538891880350112", "166369734359904848644141776924811519730", "151538417945840116892377167600578181885", "37641631066489600400683288795663397260", "144463598961436431494170504793157629096", "260017909700534769440819847493901019555", "207842640042289632237350581511294701", "48530116707829471414035268226965198320", "19743833726743046604073062186937889226", "166737648878171231373132030431605985949", "191332455769793701939855111038896182637", "307269241931519457650497341870630818501", "27675610202999622066270183594801918305", "308234172172300961289596883215617743247", "268574381677929954983852969179313078347", "181442707493916903077250777415932642386", "172942722693148563766953134164238329055", "191043137650030189295767233702712099543", "282033074930581173642512213574696600142", "337245128061299722704205105589193654482", "173770215321305491773972481438195637460", "235461360174703547108431529250355293457", "82232641176329412162358268595719470084", "124925069057247791226474014642804043347", "339317378060393318884466815125729758971", "52258969559133507015958267438196251521", "95344582014406817745728956546578887547", "309561808605937143725860900701770409748", "287945225716690594195774787006241990290", "17793180280302068191291608743942100297", 
"262277139359603071448649876030579148780", "70585030330617247493755924746456883468", "95344582014406817745728956546578887547", "77664894442158180611181229966637952623", "327329175304105579461095215865607523292", "138153287287133347258609548313156793568", "78523213110426778242224929792308838422", "191043137650030189295767233702712099543", "282033074930581173642512213574696600142", "337245128061299722704205105589193654482", "173770215321305491773972481438195637460", "192096732140987847431802351021872063298", "61292669920312266876659925704377905686" ], "threshold": 0.9 }, "target": { "file": "test/extensions/filters/http/oauth2/filter_test.cc" }, "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2022-29226-c8834fee", "signature_type": "Function", "digest": { "function_hash": "314052188154852300729348285528470910067", "length": 2265.0 }, "target": { "file": "source/extensions/filters/http/oauth2/filter.cc", "function": "OAuth2Filter::finishFlow" }, "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2022-29226-cad68d37", "signature_type": "Line", "digest": { "line_hashes": [ "129006762461502704416115083049592536646", "142519132933855653849715884430881484105", "246158578021144544691751651505115279718", "67954733010192534835147189484090914727", "226459822775595618691625265471055776226", "307060631160594250079188991311205565146", "273780350163323002486375358429876237034", "324685938925884278236473218574129495423" ], "threshold": 0.9 }, "target": { "file": "source/extensions/filters/http/oauth2/filter.h" }, "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2022-29226-cd406765", "signature_type": "Function", "digest": { "function_hash": 
"187817163147774183756840049475841655376", "length": 741.0 }, "target": { "file": "source/extensions/filters/http/oauth2/filter.cc", "function": "OAuth2Filter::extractAccessToken" }, "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360", "signature_version": "v1", "deprecated": false }, { "id": "CVE-2022-29226-d3ea4dcd", "signature_type": "Line", "digest": { "line_hashes": [ "201251106975044622484202925099246518398", "45085657802776157382884087016950568657", "45920499579357379753381858573787050881", "318522000322470811184636806941712433248", "305785071878873313554006926340153424159" ], "threshold": 0.9 }, "target": { "file": "source/extensions/filters/http/oauth2/oauth_client.cc" }, "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360", "signature_version": "v1", "deprecated": false } ] }