Access Token Mishandling in Istio 1.2.2: Exploitable Segmentation Fault in jwt_authenticator.cc

Access Token Mishandling in Istio 1.2.2: Exploitable Segmentation Fault in jwt_authenticator.cc

CVE-2019-12995 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault.

Learn more about our Web Application Penetration Testing UK.