Intelligence
criticalVulnerabilityActive

Envoy Gateway Path Normalization Bypass Enables Unauthorized Filesystem Access and Credential Disclosure

A path normalization flaw in Envoy Gateway's Lua security validation allows attackers to bypass authentication checks and read sensitive files (Kubernetes tokens, TLS certs, environment variables) from gateway controller pods by submitting malicious EnvoyExtensionPolicy objects.

S
Sebastion

CVE References

Affected

envoyproxy/gateway (versions < v1.7.4< v1.8.1)

Vulnerability Description

This vulnerability stems from improper path normalization in the to_absolute_normalized_path function within Envoy Gateway's security.lua module. The root cause is failure to collapse redundant path separators (///) before validating against a critical-path allowlist. Under POSIX semantics, //etc/passwd is semantically equivalent to /etc/passwd, but the is_critical_path check does not recognize this equivalence. The flaw affects the default Strict validation mode and allows Lua code submitted via EnvoyExtensionPolicy CRDs to bypass security controls.

Proof-of-Concept Significance

The PoC demonstrates a reliable, low-complexity exploitation path requiring only standard Kubernetes API access to create or modify EnvoyExtensionPolicy objects. No special privileges or external exploits are needed. The attack succeeds because: (1) the validation function fails to normalize double-slash patterns, (2) critical paths are matched as exact prefixes (e.g., /etc/ does not match //etc/), and (3) Lua sandboxing within the gateway allows file I/O operations. The precondition is modest: an attacker must have permissions to deploy or modify gateway extension policies, which is realistic in multi-tenant or compromised cluster scenarios.

Detection Guidance

Log Indicators:

  • Audit logs showing creation or modification of EnvoyExtensionPolicy objects with Lua code referencing paths like //var/run/secrets/, //etc/passwd, or //proc/self/environ
  • Envoy Gateway control-plane logs showing policy validation bypasses or file-read operations from unexpected paths
  • File-access events (via auditd or runtime security tools) targeting /var/run/secrets/kubernetes.io/serviceaccount/token, /etc/passwd, or certificate directories
  • Unexpected API calls to the Kubernetes API server or XDS server authenticated with service account tokens from gateway pods

Signature Pattern: Search for EnvoyExtensionPolicy manifests containing Lua strings with regex patterns like //[a-z]|//var|//etc|//proc or Lua file operations (e.g., io.open, os.getenv) applied to environment or secret paths.

Mitigation Steps

  1. Immediate Patching: Upgrade Envoy Gateway to v1.7.4, v1.8.1, or later immediately.
  2. Access Control: Restrict permissions to create/modify EnvoyExtensionPolicy objects using RBAC; limit to trusted operators only.
  3. Policy Validation: Implement admission webhooks to reject EnvoyExtensionPolicy objects containing Lua code that references sensitive paths (e.g., /var/run/secrets/, /etc/passwd, /proc/).
  4. Workarounds (Temporary): Apply Lua environment sandboxing as documented in the Envoy Gateway Lua extension guide; disable Lua extensions if not required.
  5. Network Segmentation: Restrict gateway pod access to the Kubernetes API server and XDS server using network policies.

Risk Assessment

Likelihood: High. The vulnerability affects a default configuration (Strict validation) and requires only standard Kubernetes API permissions. Multi-tenant clusters, CI/CD environments, and clusters with inadequate RBAC are particularly at risk. Threat Actor Interest: Critical. Credential disclosure from Kubernetes service account tokens and TLS certificates provides pathways to lateral movement, cluster compromise, and exfiltration of sensitive workloads. This is highly attractive to insider threats and compromised supply-chain attackers. Exploitation in the Wild: Active exploitation is plausible given the simplicity of the attack and the high value of Kubernetes credentials. Organizations should assume this has been discovered and may be exploited.