CVE-2020-8664
Summary
| CVE | CVE-2020-8664 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-03-04 21:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context not being applied, even though it was visible in the active config dump. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Incorrect Access Control when using SDS with Combined Validation Context · Advisory · envoyproxy/envoy · GitHub | MISC | github.com | Third Party Advisory |
| Version history — envoy tag-v1.13.1 documentation | CONFIRM | www.envoyproxy.io | Release Notes, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.