CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2021-34824
https://notcve.org/view.php?id=CVE-2021-34824
29 Jun 2021 — Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. Istio (versiones 1.8.x, 1.9.0-1.9.5 y 1.10.0-1.10.1) contiene una vulnerabilidad explotable de forma remota en la que se puede acceder a las credenciales especificadas en el campo Gateway y DestinationRule credentialName desde diferentes espacios de nombres • https://github.com/rsalmond/CVE-2021-34824 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-31921 – istio/istio: authorization bypass when using AUTO_PASSTHROUGH
https://notcve.org/view.php?id=CVE-2021-31921
20 May 2021 — Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration. Istio antes de la versión 1.8.6 y 1.9.x antes de la versión 1.9.5 contiene una vulnerabilidad explotable de forma remota por la que un cliente externo puede acceder a servicios inesperados en el clúster, saltándose las comprobaciones de autorizac... • https://istio.io/latest/news/security/istio-security-2021-006 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-31920 – istio/istio: HTTP request with escaped slash characters can bypass authorization mechanisms
https://notcve.org/view.php?id=CVE-2021-31920
12 May 2021 — Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used. Istio versiones anteriores a 1.8.6 y versiones 1.9.x anteriores a 1.9.5 presenta una vulnerabilidad explotable de forma remota en la que una ruta de petición HTTP con múltiples barras o caracteres de barra de escape (%2F o %5C) podría omi... • https://istio.io/latest/news/security/istio-security-2021-005 • CWE-706: Use of Incorrectly-Resolved Name or Reference CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-25014 – istio-pilot: requests to debug api can result in panic
https://notcve.org/view.php?id=CVE-2019-25014
29 Jan 2021 — A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application). Se encontró una desreferencia del puntero NULL en el archivo pkg/proxy/envoy/v2/debug.go en la función getResourceVersion en Istio pilot versiones anteriores a 1.5.0-alpha.0. Si es realizado una petic... • https://bugzilla.redhat.com/show_bug.cgi?id=1919066 • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-16844 – istio: incorrect translation of DENY policy for TCP service
https://notcve.org/view.php?id=CVE-2020-16844
11 Aug 2020 — In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy. En Istio versiones 1.5.0 hasta 1.5.8 e Istio versiones 1.6.0 hasta 1.6.7, cuando los usuarios especifican un recurso AuthorizationPolicy con acciones DENY usando sufijos de comodín (por ejemplo, *-some-suffix) para los campos so... • https://github.com/istio/istio/releases • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14306 – openshift-service-mesh/istio-rhel8-operator: control plane can deploy gateway image to any namespace
https://notcve.org/view.php?id=CVE-2020-14306
02 Jul 2020 — An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo de control de acceso incorrecto en el operador, openshif... • https://bugzilla.redhat.com/show_bug.cgi?id=1850380 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10739 – istio/envoy: crafted packet allows remote attacker to cause denial of service
https://notcve.org/view.php?id=CVE-2020-10739
14 May 2020 — Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10739 • CWE-476: NULL Pointer Dereference •
CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-11767
https://notcve.org/view.php?id=CVE-2020-11767
15 Apr 2020 — Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (f... • https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5 •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8843
https://notcve.org/view.php?id=CVE-2020-8843
14 Feb 2020 — An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4. • https://github.com/istio/istio/commits/master • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-8595 – istio: unauthorised access to JWT protected HTTP path
https://notcve.org/view.php?id=CVE-2020-8595
12 Feb 2020 — Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. Las versiones Istio 1.2.10 (End of Life) y anteriores, 1.3 a 1.3.7, y 1.4 a 1.4.3 permiten la omisión d... • https://access.redhat.com/errata/RHSA-2020:0477 • CWE-285: Improper Authorization CWE-287: Improper Authentication •