CVE-2024-8901
CVE-2024-8901 concerns the AWS ALB Route Directive Adapter for Istio, which integrated OIDC-like JWT authentication into Kubeflow. The issue arises from missing signer and issuer validation for JWTs, allowing an attacker to spoof OIDC sessions by presenting a JWT signed by an untrusted entity. Th...