{"uuid": "568e3126-9e28-4fd0-b7e5-d2624d7951c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-8901", "type": "seen", "source": "https://t.me/cvedetector/8588", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-8901 - AWS ALB Route Directive Adapter For Istio JWT Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-8901 \nPublished : Oct. 22, 2024, 12:15 a.m. | 29\u00a0minutes ago \nDescription : The  AWS ALB Route Directive Adapter For Istio repo   provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In uncommon deployments of ALB, wherein endpoints are exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T02:54:43.000000Z"}