Lucene search
Veracode Vulnerability DatabaseVERACODE:22500HistoryFeb 13, 2020 - 6:03 a.m.
Authentication Bypass
2020-02-1306:03:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
EPSS
0.003
Percentile
71.5%
github.com/istio/proxy is vulnerable to authentication bypass. The vulnerability exists as the Authentication Policy’s exact-path matching logic allows unauthorized access to HTTP paths using an invalid JWT token.
References
access.redhat.com/errata/RHSA-2020:0477
access.redhat.com/security/cve/cve-2020-8595
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-8595
github.com/istio/istio/commits/master
github.com/istio/proxy/commit/859552a762ef7c76e016eacd1d1bdbcecadc7308
github.com/istio/proxy/commit/aaf4262a0427c19f87af3cae34b7f9e4c05fbe2a
istio.io/news/security/
istio.io/news/security/istio-security-2020-001/
Related
nvd
nvd
CVE-2020-8595
2020-02-12 15:15:14
cve
cve
CVE-2020-8595
2020-02-12 15:15:14
redhat
redhat
prion
prion
Authentication flaw
2020-02-12 15:15:00
osv
osv
CVE-2020-8595
2020-02-12 15:15:14
nessus
nessus
redhatcve
redhatcve
CVE-2020-8595
2020-02-11 20:38:22
cvelist
cvelist
CVE-2020-8595
2020-02-12 14:10:15