Unrated severityNVD Advisory· Published Mar 4, 2020· Updated Aug 4, 2024
CVE-2020-8664
CVE-2020-8664
Description
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CNCF/Envoydescription
- Range: <=1.13.0
Patches
Vulnerability mechanics
References
3- access.redhat.com/errata/RHSA-2020:0734mitrevendor-advisoryx_refsource_REDHAT
- github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8mitrex_refsource_MISC
- www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_historymitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.