3 matches found
RHEL 8 : Red Hat OpenShift Service Mesh 1.0.7 servicemesh-proxy (RHSA-2020:0477)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0477 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift...
CVE-2020-8595
Istio versions 1.2.10 End of Life and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. F...
CVE-2020-8595
CVE-2020-8595 affects Istio: authentication bypass via the Authentication Policy exact-path matching logic in Istio versions 1.2.10 (End of Life) and earlier, 1.3.x up to 1.3.7, and 1.4.x up to 1.4.3. An attacker can gain unauthorized access to HTTP paths configured to require a valid JWT by mani...