CVE-2020-8660

Name of the Vulnerable Software and Affected Versions CNCF Envoy versions prior to 1.13.0

Description The issue is related to insufficient authentication of data in the Envoy network software. It allows a remote attacker to bypass security restrictions by using only TLS 1.3, which could lead to unauthorized access to protected information. The TLS inspector could be bypassed, and connections might be matched to the wrong filter chain, potentially bypassing some security restrictions.

Recommendations For versions prior to 1.13.0, update to version 1.13.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of TLS 1.3 until a patch is available. Restrict access to the TLS inspector to minimize the risk of exploitation. Avoid using the TLS extensions (SNI, ALPN) in the affected connections until the issue is resolved.