Vulnerabilities > CVE-2020-8664 - Incorrect Authorization vulnerability in Cncf Envoy 1.13.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
cncf
CWE-863
nessus
NVD
Published: 2020-03-04
Updated: 2021-07-21

Summary

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump.

Vulnerable Configurations

Part Description Count
Application
Cncf
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0229_ENVOY.NASL
    descriptionAn update of the envoy package has been released.
    last seen2020-04-30
    modified2020-04-22
    plugin id135867
    published2020-04-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135867
    titlePhoton OS 2.0: Envoy PHSA-2020-2.0-0229
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0734.NASL
    descriptionRed Hat OpenShift Service Mesh 1.0.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Service Mesh is Red Hat
    last seen2020-03-18
    modified2020-03-09
    plugin id134345
    published2020-03-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134345
    titleRHEL 8 : openshift (RHSA-2020:0734)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0290_ENVOY.NASL
    descriptionAn update of the envoy package has been released.
    last seen2020-05-03
    modified2020-04-29
    plugin id136105
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136105
    titlePhoton OS 1.0: Envoy PHSA-2020-1.0-0290

Redhat

advisories
rhsa
idRHSA-2020:0734
rpmsservicemesh-proxy-0:1.0.9-2.el8

References