6 matches found
EUVD-2020-29512
Malware in sbrugna...
envoy: Incorrect Access Control when using SDS with Combined Validation Context
An access control bypass vulnerability was found in envoy. When the same TLS secret is used across multiple resources, the client's data, such as the subject alternative name or hash, is not validated. This flaw could lead to a possible bypass of security restrictions...
CVE-2020-8664
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even thoug...
CVE-2020-8664
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even thoug...
CVE-2020-8664
CVE-2020-8664 is reported in the Red Hat OpenShift Service Mesh 1.0.9 servicemesh-proxy advisory (RHSA-2020:0734). The issue is incorrect Access Control when using SDS with a Combined Validation Context in Envoy, which could affect access controls across multiple resources and is one of severa...
CVE-2020-8664
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even thoug...