A flaw was found in Envoy. The OAuth filter does not include an implementation for validating access tokens, allowing remote attackers to bypass authentication to Envoy by providing any token value.
A flaw was found in Envoy. The OAuth filter does not include an implementation for validating access tokens, allowing remote attackers to bypass authentication to Envoy by providing any token value.
There is no known mitigation for this flaw.