ISTIO-SECURITY-2020-001

Authentication Policy bypass.

Feb 11, 2020

Disclosure Details
CVE(s): CVE-2020-8595
CVSS Impact Score: 9.0 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Releases: 1.3 to 1.3.7, 1.4 to 1.4.3

Istio 1.3 to 1.3.7 and 1.4 to 1.4.3 are affected by a newly discovered vulnerability in Authentication Policy:

Mitigation

Credit

The Istio team would like to thank Aspen Mesh for the original bug report and code fix of CVE-2020-8595.

Reporting vulnerabilities

We’d like to remind our community to follow the vulnerability reporting process to report any bug that can result in a security vulnerability.