The vulnerability in Envoy's OAuth2 HTTP filter arises from the use of AES-256-CBC encryption without an authentication tag (no HMAC or AEAD), leading to a padding oracle via differing HTTP responses (302 vs 401) on decryption success or padding failure. An attacker with access to the encrypted CodeVerifier cookie can exploit this to recover the plaintext PKCE code_verifier within approximately 6,200 requests (~100 seconds). This recovered code_verifier can then be used with a stolen authorization code to obtain the victim's access token. The issue is addressed in Envoy versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1.

Successful exploitation allows an attacker to recover sensitive PKCE code_verifier values, which can be combined with stolen authorization codes to obtain unauthorized access tokens, leading to potential compromise of user accounts or services relying on OAuth2 authentication.

This vulnerability is fixed in Envoy versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1. Users should upgrade to one of these versions or later to remediate the issue. Patch status is not explicitly stated beyond these fixed versions, so verify with the vendor advisory for the latest remediation guidance.