The 'X-Envoy-Internal' header is added by Envoy Proxy to mark a request as 'internal' to the service mesh or trusted network. If this header leaks to external clients, it reveals how requests are classified and routed within your infrastructure. Attackers who learn these internal routing assumptions may craft requests that appear 'internal', potentially bypassing security controls or reaching internal-only resources. Exposing the header therefore weakens security boundaries by letting malicious actors exploit trust relationships that are supposed to hold only for legitimate internal traffic.
Remove or mask the 'X-Envoy-Internal' header in production environments so it is not visible to untrusted users. Configure Envoy or any additional proxies/load balancers to filter out this header in outgoing responses. Keep your Envoy configuration updated and review any default or custom rules that treat traffic differently based on whether it is flagged as 'internal.' Use a Web Application Firewall (WAF) or network intrusion detection system to detect and block requests that exploit trust assumptions. Regularly audit response headers and traffic flow configurations to ensure internal routing details remain confidential.
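As an added example (not taken from the original page or from the Envoy project), the following Envoy static configuration strips the header from every response with `response_headers_to_remove` and, as a defence in depth, drops it from any external request with `internal_only_headers` while forcing the internal/external decision onto the peer address with `use_remote_address`. The listener port, cluster name and upstream address are assumed placeholders.

```yaml
static_resources:
  listeners:
  - name: public_listener
    address:
      socket_address: { address: 0.0.0.0, port_value: 8080 }   # assumed public port
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          # Classify "internal" from the peer address, not from a client-supplied
          # x-forwarded-for, so external callers cannot influence the decision.
          use_remote_address: true
          route_config:
            name: local_route
            # Strip the header from every response before it leaves Envoy.
            response_headers_to_remove:
            - x-envoy-internal
            # Drop the header if an external client tries to supply it on a request.
            internal_only_headers:
            - x-envoy-internal
            virtual_hosts:
            - name: backend
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: app }
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
  - name: app   # assumed upstream application cluster
    connect_timeout: 1s
    type: STATIC
    load_assignment:
      cluster_name: app
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address: { address: 127.0.0.1, port_value: 3000 }
```

Once applied, `curl -sI http://<public-host>:8080/ | grep -i x-envoy-internal` should print nothing; the same check belongs in the periodic response-header audit recommended above.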
Code: A05:2021
Category: Security Misconfiguration
5.3