x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8660 #2308
Labels
excluded: LEGACY_FALSE_POSITIVE
(DO NOT USE) Vulnerability marked as false positive before we introduced the triage process
CVE-2020-8660 references github.com/envoyproxy/envoy, which may be a Go module.
Description:
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some security restrictions in the process.
References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: