gh-cve-template.md
This template is for public disclosure of CVE details on Envoy's GitHub. It should be filed with the public release of a security patch version, and will be linked to in the announcement sent to [email protected]. The title of this issue should be the CVE identifier and it should have the security label applied.

CVE-YEAR-ABCDEF

Brief description

Brief description used when filing CVE.

CVSS

$CVSSSTRING ($CVSSSCORE, $SEVERITY)

Affected version(s)

Envoy x.y.z and before.

Affected component(s)

List affected internal components and features.

Attack vector(s)

How would an attacker use this?

Discoverer(s)/Credits

Individual and optional organization.

Example exploit or proof-of-concept

If there is a proof-of-concept or example, provide a concrete example.

Details

Deep dive into the defect. This should be detailed enough to maintain a record for posterity while being clear and concise.

Mitigations

Are there configuration or CLI options that can be used to mitigate?

Detection

How can exploitation of this bug be detected in existing and future Envoy versions? E.g. access logs.

References

  • CVE: $CVEURL

Any other public information.