CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8664 – envoy: Incorrect Access Control when using SDS with Combined Validation Context
https://notcve.org/view.php?id=CVE-2020-8664
04 Mar 2020 — CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump. CNCF Envoy versiones hasta 1.13.0, presenta un Control de Acceso incorrecto cuando se usa SDS con Contexto de Comprobación Combinada. Al utilizar el mismo secreto (por e... • https://access.redhat.com/errata/RHSA-2020:0734 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8661 – envoy: Response flooding for HTTP/1.1
https://notcve.org/view.php?id=CVE-2020-8661
04 Mar 2020 — CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. CNCF Envoy versiones hasta 1.13.0, puede consumir cantidades excesivas de memoria cuando responde internamente a peticiones en tuberías "pipelined". A resource consumption vulnerability was found in the servicemesh-proxy in Envoy. An attacker could use pipelined requests to cause excessive amounts of memory to be used, possibly degrading or crashing the application. Red Hat OpenShift Service M... • https://access.redhat.com/errata/RHSA-2020:0734 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8659 – envoy: Excessive CPU and/or memory usage when proxying HTTP/1.1
https://notcve.org/view.php?id=CVE-2020-8659
04 Mar 2020 — CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. CNCF Envoy versiones hasta 1.13.0, puede consumir cantidades excesivas de memoria cuando se hace proxy a peticiones o respuestas HTTP/1.1 con muchos fragmentos pequeños (es decir, 1 byte). A resource consumption vulnerability was found in the servicemesh-proxy in Envoy. An attacker could send specially crafted small HTTP/1.1 packets that, when processed, could ... • https://access.redhat.com/errata/RHSA-2020:0734 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •