cvedb.io
CVE-2021-32783
HIGH · CVSS 8.5
EPSS exploitation probability: 0%
Published 2021-07-23T22:15:08.480 · Last modified 2026-06-17T03:53:37.367

Summary

Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely (a denial of service), or to expose the existence of any Secret that Envoy is using for its configuration, including most notably TLS Keypairs. However, it *cannot* be used to get the *content* of those secrets. Since this attack allows access to the administration interface, a variety of administration options are available, such as shutting down the Envoy or draining traffic. In general, the Envoy admin interface cannot easily be used for making changes to the cluster, in-flight requests

Affected products

projectcontour — contour

Does this affect you?

Add your gear to cvedb and we'll alert you only when projectcontour ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.