First published: Thu Feb 13 2020
CNCF Envoy through 1.13.0: TLS inspector bypass. The TLS inspector listener filter could be bypassed (the connection was not recognized as coming from a TLS client) by a client that offered only TLS 1.3. Because the ClientHello's TLS extensions (SNI, ALPN) were then not inspected, such connections could be matched to the wrong filter chain, possibly bypassing security restrictions that the intended filter chain would have enforced.
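The failure mode described above, as an added example that is not Envoy's code: a minimal TLS ClientHello parser, a simplified model of how a TLS inspector classifies a connection, and a simplified filter-chain selector keyed on SNI. The chain names, hostnames, ALPN values and ClientHello bytes are all constructed here for illustration, and the `max_supported` parameter is a stand-in for an inspector that does not recognize a client offering only TLS 1.3; it is not a description of Envoy's actual implementation. The point it shows is that once the inspector reports nothing, the connection falls through to the catch-all chain regardless of the SNI the client sent.

```python
"""Model of TLS-inspector classification and filter-chain selection (added example)."""
import struct

TLS12, TLS13 = 0x0303, 0x0304


def _u16(buf, off):
    return struct.unpack_from(">H", buf, off)[0]


def build_client_hello(sni, alpn, versions):
    """Construct a TLS handshake record carrying a ClientHello with
    server_name, ALPN and supported_versions extensions (constructed input)."""
    host = sni.encode()
    sni_entry = b"\x00" + struct.pack(">H", len(host)) + host       # name_type=host_name
    sni_body = struct.pack(">H", len(sni_entry)) + sni_entry
    protos = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
    alpn_body = struct.pack(">H", len(protos)) + protos
    vers = b"".join(struct.pack(">H", v) for v in versions)
    sv_body = bytes([len(vers)]) + vers
    exts = (struct.pack(">HH", 0, len(sni_body)) + sni_body          # ext 0: server_name
            + struct.pack(">HH", 16, len(alpn_body)) + alpn_body     # ext 16: ALPN
            + struct.pack(">HH", 43, len(sv_body)) + sv_body)        # ext 43: supported_versions
    body = b"\x03\x03" + b"\x00" * 32 + b"\x00"   # legacy_version, random, empty session id
    body += b"\x00\x02\x13\x01"                    # one cipher suite (TLS_AES_128_GCM_SHA256)
    body += b"\x01\x00"                            # compression methods: null only
    body += struct.pack(">H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type ClientHello
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs


def parse_client_hello(rec):
    """Extract legacy_version, offered versions, SNI and ALPN from a ClientHello record.
    Returns None when the bytes are not a TLS ClientHello."""
    if len(rec) < 6 or rec[0] != 0x16:
        return None
    hs = rec[5:5 + _u16(rec, 3)]
    if not hs or hs[0] != 0x01:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    off = 0
    legacy_version = _u16(body, off); off += 2
    off += 32                                      # random
    off += 1 + body[off]                           # session id
    off += 2 + _u16(body, off)                     # cipher suites
    off += 1 + body[off]                           # compression methods
    info = {"legacy_version": legacy_version, "versions": [legacy_version],
            "sni": None, "alpn": []}
    if off >= len(body):
        return info
    end = off + 2 + _u16(body, off); off += 2
    while off + 4 <= end:
        etype, elen = _u16(body, off), _u16(body, off + 2); off += 4
        data = body[off:off + elen]; off += elen
        if etype == 0:                             # server_name: list_len(2) type(1) host_len(2) host
            info["sni"] = data[5:5 + _u16(data, 3)].decode()
        elif etype == 16:                          # ALPN: list_len(2) then length-prefixed names
            p, names = 2, []
            while p < len(data):
                n = data[p]; names.append(data[p + 1:p + 1 + n].decode()); p += 1 + n
            info["alpn"] = names
        elif etype == 43:                          # supported_versions: len(1) then u16 list
            info["versions"] = [_u16(data, 1 + i) for i in range(0, data[0], 2)]
    return info


def inspect(rec, max_supported=TLS13):
    """Simplified inspector model: report SNI/ALPN, or None if the client is not
    recognized. `max_supported` below TLS13 models an inspector that treats a
    TLS 1.3-only client as unrecognized (assumption for illustration)."""
    info = parse_client_hello(rec)
    if info is None or not any(v <= max_supported for v in info["versions"]):
        return None
    return info


# Constructed filter chains; a chain without server_names matches anything.
CHAINS = [
    {"name": "admin-mtls", "server_names": ["admin.internal.example"]},  # intended: client cert required
    {"name": "public-web", "server_names": ["www.example.com"]},
    {"name": "catch-all"},                                                # intended for non-TLS traffic
]


def select_filter_chain(info, chains=CHAINS):
    """Pick the first chain whose server_names contain the inspected SNI (simplified)."""
    sni = info["sni"] if info else None
    for chain in chains:
        names = chain.get("server_names")
        if names and sni not in names:
            continue
        return chain["name"]
    return None


if __name__ == "__main__":
    hello = build_client_hello("admin.internal.example", ["h2"], [TLS13])
    print("inspector without TLS 1.3:", select_filter_chain(inspect(hello, TLS12)))
    print("inspector with TLS 1.3:   ", select_filter_chain(inspect(hello, TLS13)))
```

The practical takeaway for any deployment relying on filter-chain matching: make the catch-all chain at least as restrictive as the chains it can shadow, or omit it, so that a classification failure fails closed rather than into a more permissive path.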
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
redhat/envoy | <1.13.1 | 1.13.1
Envoyproxy Envoy | <1.12.3 | 1.12.3
Envoyproxy Envoy | >=1.13.0, <1.13.1 | 1.13.1
The severity of CVE-2020-8660 is medium with a CVSS score of 5.3.
To fix CVE-2020-8660, upgrade to Envoy version 1.13.1 or higher (or to 1.12.3 on the 1.12 release branch).
The affected software for CVE-2020-8660 is Envoy versions up to and including 1.13.0.
There were no known public exploits for CVE-2020-8660 at the time this advisory was published.
You can find more information about CVE-2020-8660 in the Red Hat Security Advisory RHSA-2020:0734 and the EnvoyProxy GitHub security advisory GHSA-c4g8-7grc-5wvx.