Authentication Bypass
Discription

github.com/envoyproxy/envoy is vulnerable to Authentication Bypass. The vulnerability is caused due to downstream clients being able to force invalid gRPC requests to ext_authz, thereby circumventing ext_authz checks when failure_mode_allow is set to true. This leads to external authentication getting bypassed by downstream connections which compromises confidentiality of the…Read More

Back to Main

Subscribe for the latest news: