1802542 – (CVE-2020-8664) CVE-2020-8664 envoy: Incorrect Access Control when using SDS with Combined Validation Context

Bug 1802542 (CVE-2020-8664) - CVE-2020-8664 envoy: Incorrect Access Control when using SDS with Combined Validation Context

Summary: CVE-2020-8664 envoy: Incorrect Access Control when using SDS with Combined Va...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-8664
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1802569
TreeView+	depends on / blocked

Reported:	2020-02-13 11:37 UTC by Dhananjay Arunesh
Modified:	2021-02-16 20:34 UTC (History)
CC List:	3 users (show)
Fixed In Version:	envoy 1.13.1
Doc Type:	If docs needed, set a value
Doc Text:	An access control bypass vulnerability was found in envoy. When the same TLS secret is used across multiple resources, the client's data, such as the subject alternative name or hash, is not validated. This flaw could lead to a possible bypass of security restrictions.
Clone Of:
Environment:
Last Closed:	2020-03-05 22:31:47 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:0734	0	None	None	None	2020-03-05 19:00:19 UTC

Description Dhananjay Arunesh 2020-02-13 11:37:34 UTC

A vulnerability was found in Envoy, where using SDS with Combined Validation Context Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump.

Comment 2 Mark Cooper 2020-02-24 04:41:40 UTC

Acknowledgments:

Name: The Envoy Security Team

Comment 3 errata-xmlrpc 2020-03-05 19:00:18 UTC

This issue has been addressed in the following products:

  OpenShift Service Mesh 1.0

Via RHSA-2020:0734 https://access.redhat.com/errata/RHSA-2020:0734

Comment 4 Product Security DevOps Team 2020-03-05 22:31:47 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-8664

Comment 5 Mark Cooper 2020-03-08 22:18:58 UTC

External References:

https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8

Note You need to log in before you can comment on or make changes to this bug.