Google Extensible Service Proxy 2.20.0 < 2.43.0 Authentication Bypass

Google Extensible Service Proxy (ESP) is a scalable proxy provided by the Google Cloud Platform (GCP) used to provide API management features based on an OpenAPI or gRPC API backend. ESP versions starting 2.20.0 and before 2.43.0 suffer from an authentication bypass vulnerability. By crafting a specific HTTP request using the X-HTTP-Method-Override header, a remote and unauthenticated attacker can leverage this vulnerability to access some of the API backend endpoints delivered by the ESP proxy which should require…Read More

Back to Main

Subscribe for the latest news: