Home > Vulnerability Database > CVE-2020-8664

Mend.io Vulnerability Database

CVE-2020-8664

Good to know:

Date: March 4, 2020

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump.

Language: C++

Severity Score

5.3

Related Resources (5)

Url: https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-8664

Url: https://access.redhat.com/errata/RHSA-2020:0734

Url: https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8

Url: https://www.mend.io/vulnerability-database/CVE-2020-8664

Severity Score

5.3

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version 1.12.3,1.13.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-8664

Good to know:

Date: March 4, 2020

Language: C++

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?