GHSA-m2v6-2jmh-4c68
Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization
상세
Vulnerability report without repro case. Repro case may be added later after harness is complete.
**Preconditions (4):** - Tenant has SecurityPolicy + TCPRoute RBAC (baseline) - Tenant namespace permitted to attach TCPRoute to a Gateway listener - spec.authorization omitted (the trigger) - No admission webhook blocks the shape
**Description:**
A namespace-scoped tenant can deterministically panic the gatewayapi runner on every reconcile with a single CRD; the recover() in message/watchutil.go:53 keeps the process alive but unwinds the entire handle() callback in runner/runner.go:192, so xDS/Infra IR publishing stalls controller-wide until an admin deletes the object. Data plane keeps serving last-good config.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
1.8.0-rc.0 수정 버전: 1.8.1 go get github.com/envoyproxy/gateway@v1.8.1 0 수정 버전: 1.7.4 go get github.com/envoyproxy/gateway@v1.7.4