CVE-2022-29226

Source
https://cve.org/CVERecord?id=CVE-2022-29226
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29226.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-29226
Aliases
Downstream
Published
2022-06-09T19:25:11Z
Modified
2026-04-12T06:00:16.493557Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N (network-reachable, low attack complexity, no privileges or user interaction required; scope changed; high confidentiality and integrity impact, no availability impact)
Summary
Trivial authentication bypass in Envoy's OAuth2 HTTP filter
Details

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1, the OAuth2 HTTP filter has no mechanism of its own for validating access tokens; by design, a request that lacks the filter's HMAC-signed cookie should therefore be sent through the full authentication flow. The vulnerable implementation instead assumed that any access token it found had already been validated, so a request carrying an arbitrary, attacker-chosen access token was allowed through without the signed cookie and without any check of the token's authenticity — an unauthenticated remote bypass of the filter (CWE-306, Missing Authentication for Critical Function), consistent with the CVSS vector above. Any upstream service that relied solely on this filter for authentication was effectively unauthenticated while exposed; operators should also review whether upstream services trust identities or tokens forwarded by the proxy without validating them independently. Users are advised to upgrade. There is no known workaround for this issue. Note that this record lists only 1.22.1 as a fixed version; check the vendor advisory before assuming no patched releases exist on earlier minor lines.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-306"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29226.json"
}
References

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
(fixing commit not recorded on this page; the extracted_events below resolve the fix to version 1.22.1, and the signature entries further down were derived from commit 7ffda4e809dec74449ebc330cebb9d2f4ab61360, presumably the fix)
Database specific
{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.22.1"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0

Database specific

vanir_signatures_modified
"2026-04-12T06:00:16Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29226.json"
vanir_signatures
[
    {
        "target": {
            "function": "TEST_F",
            "file": "test/extensions/filters/http/oauth2/filter_test.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1264.0,
            "function_hash": "281662523617297640788249264827131705532"
        },
        "id": "CVE-2022-29226-04a945dc",
        "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
        "signature_type": "Function"
    },
    {
        "target": {
            "function": "TEST_F",
            "file": "test/extensions/filters/http/oauth2/filter_test.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1229.0,
            "function_hash": "30694628199236083584405138574444831859"
        },
        "id": "CVE-2022-29226-32a81910",
        "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
        "signature_type": "Function"
    },
    {
        "target": {
            "function": "OAuth2Filter::decodeHeaders",
            "file": "source/extensions/filters/http/oauth2/filter.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 4034.0,
            "function_hash": "107063674767337311410803185731527149389"
        },
        "id": "CVE-2022-29226-48561b9a",
        "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
        "signature_type": "Function"
    },
    {
        "target": {
            "function": "TEST_F",
            "file": "test/extensions/filters/http/oauth2/filter_test.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 3262.0,
            "function_hash": "63323507015868996184598130250001180619"
        },
        "id": "CVE-2022-29226-48f3c9ae",
        "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "source/extensions/filters/http/oauth2/filter.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "85580495078750826845986403220209635056",
                "23337217241157879949329712413652038723",
                "191300350526761852934782361974191559163",
                "315028143150369532376696270162989127583",
                "132269384803882017490572198599306049377",
                "322267520266479450503699519429553318488",
                "295136774775542926986633558227256803423",
                "254425675125351690594492109879258981358",
                "113920883049328930845046062023487774059",
                "301194913900238185281925303180450038236",
                "225100223419765302780108794237149044419",
                "250933996995780249469905620341751484210",
                "326384460812286393441354676077149637476",
                "98664864771136338123795149849698611272",
                "99265099051273177995248239819024985765",
                "15850407345126503174457384514009888988",
                "64301620371066190330767691235541887608",
                "101544380686600054697794715012340998906",
                "298090201871478729395873864314259345442",
                "60984917449165475343754437168663033704",
                "150410680655658484965609276376542905411",
                "321288359046030265303546296756798780852",
                "73633463984885241636806968810154066294",
                "79089754834425008187178291874090076662",
                "300735458596473594683340097055749874181",
                "165421817207268233218033646166466656619",
                "198367711042155228320333088241979989002",
                "197987423859686298583063733395614126524",
                "319558673088152469645082516692807649136",
                "189497545493467225525892367698053237104",
                "67339951770127774762180801235142723066",
                "335675511587551494264608974413237385673",
                "63122246280500896293316635525903781110",
                "210588018805491225901857807614105920913",
                "199495733835576702166681320567076949387",
                "129545169478029661504230570012863376870",
                "56122413908009114796406099652828430228",
                "170779409723420582053769018208495586607",
                "85566560181802148996842108946068367881",
                "337624513661120381863401345986210953058",
                "72347097596827118475758451578834087389",
                "146741898456563328353228294051777255212",
                "151327045345838635537303454791355489923",
                "329347305659308113464971805773913090019",
                "292707910775829801691086955726180534508",
                "64625478551471261564390935855750676855",
                "83390000167642027545086979086061750240",
                "283561862751377930169666837196274164129",
                "230093417998384039385824707792193907126",
                "160012557569594140109230669363602019332"
            ]
        },
        "id": "CVE-2022-29226-742ac38b",
        "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
        "signature_type": "Line"
    },
    {
        "target": {
            "file": "test/extensions/filters/http/oauth2/filter_test.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "231804230015694883762809339314323296072",
                "154793411837694529060072902745758774335",
                "206930936021972260509295173196585432844",
                "236548260124891966210735489041999385334",
                "184843672028100999239940826121065667102",
                "195413548978333799732535030867194705404",
                "144398712137106717169468623095947869252",
                "333294043893860548072904992207035870228",
                "64263328378024856389278474680844405582",
                "217226038499597817491117934124959121310",
                "273853632015243368563719534415889201095",
                "175851554334843763519643538891880350112",
                "166369734359904848644141776924811519730",
                "151538417945840116892377167600578181885",
                "37641631066489600400683288795663397260",
                "144463598961436431494170504793157629096",
                "260017909700534769440819847493901019555",
                "207842640042289632237350581511294701",
                "48530116707829471414035268226965198320",
                "19743833726743046604073062186937889226",
                "166737648878171231373132030431605985949",
                "191332455769793701939855111038896182637",
                "307269241931519457650497341870630818501",
                "27675610202999622066270183594801918305",
                "308234172172300961289596883215617743247",
                "268574381677929954983852969179313078347",
                "181442707493916903077250777415932642386",
                "172942722693148563766953134164238329055",
                "191043137650030189295767233702712099543",
                "282033074930581173642512213574696600142",
                "337245128061299722704205105589193654482",
                "173770215321305491773972481438195637460",
                "235461360174703547108431529250355293457",
                "82232641176329412162358268595719470084",
                "124925069057247791226474014642804043347",
                "339317378060393318884466815125729758971",
                "52258969559133507015958267438196251521",
                "95344582014406817745728956546578887547",
                "309561808605937143725860900701770409748",
                "287945225716690594195774787006241990290",
                "17793180280302068191291608743942100297",
                "262277139359603071448649876030579148780",
                "70585030330617247493755924746456883468",
                "95344582014406817745728956546578887547",
                "77664894442158180611181229966637952623",
                "327329175304105579461095215865607523292",
                "138153287287133347258609548313156793568",
                "78523213110426778242224929792308838422",
                "191043137650030189295767233702712099543",
                "282033074930581173642512213574696600142",
                "337245128061299722704205105589193654482",
                "173770215321305491773972481438195637460",
                "192096732140987847431802351021872063298",
                "61292669920312266876659925704377905686"
            ]
        },
        "id": "CVE-2022-29226-87c6e533",
        "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "OAuth2Filter::finishFlow",
            "file": "source/extensions/filters/http/oauth2/filter.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2265.0,
            "function_hash": "314052188154852300729348285528470910067"
        },
        "id": "CVE-2022-29226-c8834fee",
        "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "source/extensions/filters/http/oauth2/filter.h"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "129006762461502704416115083049592536646",
                "142519132933855653849715884430881484105",
                "246158578021144544691751651505115279718",
                "67954733010192534835147189484090914727",
                "226459822775595618691625265471055776226",
                "307060631160594250079188991311205565146",
                "273780350163323002486375358429876237034",
                "324685938925884278236473218574129495423"
            ]
        },
        "id": "CVE-2022-29226-cad68d37",
        "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "OAuth2Filter::extractAccessToken",
            "file": "source/extensions/filters/http/oauth2/filter.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 741.0,
            "function_hash": "187817163147774183756840049475841655376"
        },
        "id": "CVE-2022-29226-cd406765",
        "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "source/extensions/filters/http/oauth2/oauth_client.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "201251106975044622484202925099246518398",
                "45085657802776157382884087016950568657",
                "45920499579357379753381858573787050881",
                "318522000322470811184636806941712433248",
                "305785071878873313554006926340153424159"
            ]
        },
        "id": "CVE-2022-29226-d3ea4dcd",
        "source": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
        "signature_type": "Line"
    }
]