CVE-2020-8664

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8664

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8664.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-8664

Related

GHSA-3x9m-pgmg-xpx8

Published

2020-03-04T21:15:11Z

Modified

2025-02-14T11:20:50.113025Z

Downstream

RHSA-2020:0734

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump.

References

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type: GIT
Repo: https://github.com/envoyproxy/envoy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

bb7ceff4c3c5bd4555dff28b6e56d27f2f8be0a7

Affected versions

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.2.0

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0