PT-2020-5207 · Istio · Istio

Mark Cooper · Published 2020-02-12 · Updated 2020-02-20 · CVE-2020-8595

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Istio versions 1.2.10 and prior
Istio versions 1.3 through 1.3.7
Istio versions 1.4 through 1.4.3

Description

The issue is an authentication bypass in Istio: the Authentication Policy exact-path matching logic can be exploited to allow unauthorized access to HTTP paths, even if the paths are configured to require a valid JWT token for access. An attacker can manipulate the URI by adding characters such as ? or # to bypass the exact-path match. The vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

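A simplified model of the exact-path mismatch described above, added here as an example and not Istio's own code: the same rule is compared once against the raw request target and once against the path component only. The path /admin and all function names are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// protectedPath is a hypothetical path that policy says requires a valid JWT.
const protectedPath = "/admin"

// rawExactMatch models the flawed check: the exact-path rule is compared
// against the whole request target, so a trailing "?" or "#" breaks the match.
func rawExactMatch(target string) bool {
	return target == protectedPath
}

// pathOnly returns the path component of an origin-form request target,
// dropping everything from the first "?" or "#" onward.
func pathOnly(target string) string {
	if i := strings.IndexAny(target, "?#"); i >= 0 {
		return target[:i]
	}
	return target
}

// normalizedExactMatch compares the rule against the path component only.
func normalizedExactMatch(target string) bool {
	return pathOnly(target) == protectedPath
}

// jwtRequired reports, for each matcher, whether the target would be
// subject to JWT validation.
func jwtRequired(target string) (flawed, fixed bool) {
	return rawExactMatch(target), normalizedExactMatch(target)
}

func main() {
	// Constructed request targets, not captured traffic.
	for _, t := range []string{"/admin", "/admin?", "/admin#", "/admin?x=1", "/public"} {
		flawed, fixed := jwtRequired(t)
		fmt.Printf("%-12q flawed=%-5v fixed=%v\n", t, flawed, fixed)
	}
}
```

Rows where flawed is false and fixed is true are the requests that would skip JWT validation under the raw comparison.
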
Recommendations

For Istio versions 1.2.10 and prior, update to a version that is not end-of-life to mitigate the risk. For Istio versions 1.3 through 1.3.7, update to a version later than 1.3.7. For Istio versions 1.4 through 1.4.3, update to a version later than 1.4.3. As a temporary workaround, consider restricting access to sensitive HTTP paths until a patch is available.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2020-05830
CVE-2020-8595
RHSA-2020:0477

Affected Products

Istio