cve/CVE-2020-8595.md at 555e9c7de4cd05afceb29c861f75c943c3c8d5d4

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match.

POC

Reference

https://github.com/istio/istio/commits/master

Github

https://github.com/43622283/awesome-cloud-native-security
https://github.com/Metarget/awesome-cloud-native-security
https://github.com/Metarget/cloud-native-security-book
https://github.com/atesemre/awesome-cloud-native-security
https://github.com/orgTestCodacy11KRepos110MB/repo-3569-collection-document
https://github.com/reni2study/Cloud-Native-Security2
https://github.com/tom0li/collection-document

1.2 KiB Raw Blame History

CVE-2020-8595

Description

POC

Reference

Github

1.2 KiB

Raw Blame History