CVE-2020-8664

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-8664
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8664.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-8664
Related
  • GHSA-3x9m-pgmg-xpx8
Published
2020-03-04T21:15:11Z
Modified
2025-02-14T11:20:50.113025Z
Downstream
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump.

References

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v1.*

v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0