A vulnerability was found in Envoy where the TLS inspector could have been bypassed (the connection not recognized as a TLS client) by a client using only TLS 1.3. Because the TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to the wrong filter chain, possibly bypassing some security restrictions in the process.
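A configuration review for the filter-chain mismatch described above, as an added example (not code from the advisory or from Envoy). It takes a listener parsed from Envoy YAML/JSON and lists the chains selected by SNI, ALPN or `transport_protocol: tls` next to the chains a connection could match when the inspector does not recognize it as TLS. The function names and the sample listeners are constructed for illustration.

```python
# Added example: audit Envoy listeners for filter chains whose selection
# depends on tls_inspector output while a fallback chain is also present.
TLS_INSPECTOR_NAMES = {
    "envoy.listener.tls_inspector",          # older filter name
    "envoy.filters.listener.tls_inspector",  # newer filter name
}

def classify_chain(chain):
    """Return 'tls' if the chain is selected via inspector output, else 'fallback'."""
    match = chain.get("filter_chain_match") or {}
    if match.get("server_names") or match.get("application_protocols"):
        return "tls"
    if match.get("transport_protocol") == "tls":
        return "tls"
    # transport_protocol unset or raw_buffer, no SNI/ALPN requirement: a
    # connection not recognized as TLS can match here (other criteria permitting).
    return "fallback"

def audit_listener(listener):
    """Report where a connection may land if tls_inspector does not classify it."""
    has_inspector = any(
        f.get("name") in TLS_INSPECTOR_NAMES
        for f in listener.get("listener_filters", [])
    )
    kinds = [classify_chain(c) for c in listener.get("filter_chains", [])]
    tls = [i for i, k in enumerate(kinds) if k == "tls"]
    fallback = [i for i, k in enumerate(kinds) if k == "fallback"]
    return {
        "listener": listener.get("name", "<unnamed>"),
        "has_tls_inspector": has_inspector,
        "tls_dependent_chains": tls,
        "fallback_chains": fallback,
        # TLS-selected chains next to a fallback chain: compare their policies.
        "needs_review": bool(tls and fallback),
    }

# Constructed sample listeners (not taken from any real deployment).
SAMPLE_LISTENERS = [
    {"name": "ingress_with_fallback",
     "listener_filters": [{"name": "envoy.listener.tls_inspector"}],
     "filter_chains": [
         {"filter_chain_match": {"server_names": ["internal.example.test"]}},
         {"filter_chain_match": {"transport_protocol": "tls"}},
         {}]},  # catch-all chain with no match criteria
    {"name": "ingress_tls_only",
     "listener_filters": [{"name": "envoy.filters.listener.tls_inspector"}],
     "filter_chains": [{"filter_chain_match": {"application_protocols": ["h2"]}}]},
]

if __name__ == "__main__":
    for item in SAMPLE_LISTENERS:
        print(audit_listener(item))
```

A listener flagged `needs_review` is one where the fallback chain's filters and access rules should be compared against the TLS-selected chains, since on affected versions a TLS 1.3-only client could be handled by the fallback chain.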
Acknowledgments: The Envoy Security Team

This issue has been addressed in the following products:

OpenShift Service Mesh 1.0 via RHSA-2020:0734: https://access.redhat.com/errata/RHSA-2020:0734

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8660
External References: https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx