ISTIO-SECURITY-2020-003

Two uncontrolled resource consumption and two incorrect access control vulnerabilities in Envoy.

Mar 3, 2020

Disclosure Details
CVE(s): CVE-2020-8659, CVE-2020-8660, CVE-2020-8661, CVE-2020-8664
CVSS Impact Score: 7.5
Affected Releases: 1.4 to 1.4.5

Envoy, and subsequently Istio, are vulnerable to four newly discovered vulnerabilities:

Mitigation

Reporting vulnerabilities

We’d like to remind our community to follow the vulnerability reporting process to report any bug that can result in a security vulnerability.