CVE-2024-8901
CVSS V2 None
CVSS V3 None
Description
The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In uncommon deployments of ALB, wherein endpoints are exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication.
Overview
- CVE ID: CVE-2024-8901
- Assigner: AMZN
- Vulnerability Status: PUBLISHED
- Published Version: 2024-10-21T23:19:31.138Z
- Last Modified Date: 2024-10-21T23:38:45.967Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://aws.amazon.com/security/security-bulletins/AWS-2024-011/ | vendor-advisory |
https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/security/advisories/GHSA-789x-wph8-m68r | third-party-advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8901 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8901 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-10-22 13:07:46 | | | | Added to TrackCVE |