github.com/istio/proxy is vulnerable to authentication bypass. The vulnerability exists as the Authentication Policy’s exact-path
matching logic allows unauthorized access to HTTP paths using an invalid JWT token.
access.redhat.com/errata/RHSA-2020:0477
access.redhat.com/security/cve/cve-2020-8595
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-8595
github.com/istio/istio/commits/master
github.com/istio/proxy/commit/859552a762ef7c76e016eacd1d1bdbcecadc7308
github.com/istio/proxy/commit/aaf4262a0427c19f87af3cae34b7f9e4c05fbe2a
istio.io/news/security/
istio.io/news/security/istio-security-2020-001/