The AWS ALB Route Directive Adapter For Istio repository (https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master) provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWTs for authentication but lacks proper signer and issuer validation. In uncommon deployments of ALB, wherein endpoints are exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication.
References
Configurations
No configuration.
History
22 Oct 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2024-10-22 00:15
Updated : 2024-10-22 00:15
NVD link : CVE-2024-8901
Mitre link : CVE-2024-8901
CVE.ORG link : CVE-2024-8901
Products Affected
No product.
CWE
CWE-290
Authentication Bypass by Spoofing