What is CVE-2021-32783?

CVE-2021-32783 is a high-severity vulnerability in Projectcontour Contour, classified under Unintended Proxy or Intermediary (Confused Deputy). CVSS score: 8.5/10. Published 2021-07-23.

How severe is CVE-2021-32783?

High severity. CVSS v3 base score is 8.5 out of 10.

Vulnerability in Projectcontour Contour

CVE-2021-32783

Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside…

EPSS: 0.003 (50.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H.

Affected products

Projectcontour Contour — versions < 1.17.1

Weakness classification (CWE)

CWE-441 — Unintended Proxy or Intermediary (Confused Deputy)

References

github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc (x_refsource_CONFIRM)
github.com/projectcontour/contour/commit/b53a5c4fd927f4ea2c6cf02f1359d8e28bef85… (x_refsource_MISC)
github.com/projectcontour/contour/releases/tag/v1.17.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32783?: CVE-2021-32783 is a high-severity vulnerability in Projectcontour Contour, classified under Unintended Proxy or Intermediary (Confused Deputy). CVSS score: 8.5/10. Published 2021-07-23.
How severe is CVE-2021-32783?: High severity. CVSS v3 base score is 8.5 out of 10.