Is CVE-2020-8595 actively exploited?

CVE-2020-8595 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2020-8595?

CVE-2020-8595 has a CVSS score of 7.3 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

How do I patch CVE-2020-8595?

Patch guidance is available from istio security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-8595.

Fix CVE-2020-8595 - HIGH istio istio

Q: Which products are affected by CVE-2020-8595?

3 products: istio istio, istio istio, redhat openshift service mesh.

Description

Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
Weaknesses: CWE-287 · Improper Authentication

Metadata

Primary Vendor: ISTIO
Published: 2/12/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

istio : istioistio : istioredhat : openshift_service_mesh

Remediation Guidance

Executive Summary

Cite this page

CVE-2020-8595. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2020-8595

View on NIST NVD

CVE-2020-8595 vulnerability