CVE-2024-42487: Gateway API route matching order contradicts specification

CVSS Score (v3.1): 4

Basic Information

EPSS Score: 0.28533%
Published: 8/15/2024
Updated: 9/30/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| github.com/cilium/cilium | go | = 1.16.0 | 1.16.1 |
| github.com/cilium/cilium | go | >= 1.15.0, < 1.15.8 | 1.15.8 |

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability stems from the route sorting logic in SortableRoute.Less(), which determines match precedence. The commit diff shows that the fix inserts method-matching checks (via getMethod) before the header-matching checks in the sorting algorithm. Without that method check, the original implementation prioritized routes with header matches over routes with method matches, violating the specification's requirement that method matching precede header matching. The test changes in envoy_virtual_host_test.go show that method-based routes now receive higher priority in the sorted order. Because this function decides routing precedence and was directly modified to insert the method checks, it is the vulnerable function.
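To make the precedence defect concrete, here is an added Go illustration (not Cilium's code and not its SortableRoute implementation): a simplified comparator that can run with the pre-fix ordering, where header matches are compared before the method match, and with the corrected Gateway API ordering. Route, precedenceKey and sortRoutes are hypothetical names, the sample rules are constructed, and path matching is assumed equal for every rule.

```go
package main

import (
	"fmt"
	"sort"
)

// Route is a hypothetical, simplified HTTPRoute match rule (not Cilium's
// SortableRoute); path matching is assumed equal for every rule.
type Route struct {
	Name    string
	Method  string   // "" means the rule has no method match
	Headers []string // header names the rule matches on
}

// precedenceKey ranks a rule; a lexicographically larger key is evaluated
// first. methodFirst=true is the Gateway API order (method before header
// count); methodFirst=false reproduces the pre-fix ordering described above.
func precedenceKey(r Route, methodFirst bool) [2]int {
	method := 0
	if r.Method != "" {
		method = 1
	}
	if methodFirst {
		return [2]int{method, len(r.Headers)}
	}
	return [2]int{len(r.Headers), method}
}

// sortRoutes returns the rules in evaluation order (first match wins).
func sortRoutes(routes []Route, methodFirst bool) []Route {
	rs := append([]Route(nil), routes...)
	sort.SliceStable(rs, func(i, j int) bool {
		ka, kb := precedenceKey(rs[i], methodFirst), precedenceKey(rs[j], methodFirst)
		if ka != kb {
			return ka[0] > kb[0] || (ka[0] == kb[0] && ka[1] > kb[1])
		}
		return rs[i].Name < rs[j].Name // deterministic tie-break
	})
	return rs
}
func main() {
	// Constructed sample: a GET with x-tenant matches both rules; order decides.
	rules := []Route{
		{Name: "header-rule", Headers: []string{"x-tenant"}},
		{Name: "method-rule", Method: "GET"},
	}
	fmt.Println("pre-fix winner:", sortRoutes(rules, false)[0].Name) // header-rule
	fmt.Println("fixed winner:  ", sortRoutes(rules, true)[0].Name)  // method-rule
}
```

A request that satisfies both rules is handled by a different rule depending on the ordering, which is the observable effect of the defect: a header-only rule silently wins over a method rule before the fix.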

WAF Protection Rules

WAF Rule

### Impact

Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request meth