CVE-2020-8595

Istio versions 1.2.10 End of Life and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. F...

Authentication flaw

Istio versions 1.2.10 End of Life and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. F...

CVE-2020-8595

CVE-2020-8595 affects Istio: authentication bypass via the Authentication Policy exact-path matching logic in Istio versions 1.2.10 (End of Life) and earlier, 1.3.x up to 1.3.7, and 1.4.x up to 1.4.3. An attacker can gain unauthorized access to HTTP paths configured to require a valid JWT by mani...

CVE-2020-8595

Istio versions 1.2.10 End of Life and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. F...