CVE-2024-8901 – The AWS ALB Route Directive Adapter For Istio repo …

22 October 2024

Vuln ID: CVE-2024-8901

Published: 2024-10-22 00:15:03.667

Description: The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In uncommon deployments of ALB, wherein endpoints are exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication.

Base Score: 7.5 – HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

Source: NVD.NIST.GOV

Date:

22 October 2024

Categorie(s):

NVD

Tag(s):

NVD

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies22 October 2024
Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor22 October 2024
Meta to Fight Celeb-Bait Scams with Facial Recognition22 October 2024
Best practices on securing your AI deployment22 October 2024
GenAI surges in law firms: Will it spell the end of the billable hour?22 October 2024