CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-11767
https://notcve.org/view.php?id=CVE-2020-11767
15 Apr 2020 — Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (f... • https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5 •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8843
https://notcve.org/view.php?id=CVE-2020-8843
14 Feb 2020 — An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4. • https://github.com/istio/istio/commits/master • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-8595 – istio: unauthorised access to JWT protected HTTP path
https://notcve.org/view.php?id=CVE-2020-8595
12 Feb 2020 — Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. Las versiones Istio 1.2.10 (End of Life) y anteriores, 1.3 a 1.3.7, y 1.4 a 1.4.3 permiten la omisión d... • https://access.redhat.com/errata/RHSA-2020:0477 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18817
https://notcve.org/view.php?id=CVE-2019-18817
12 Nov 2019 — Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. Istio versiones 1.3.x anteriores a 1.3.5, permite una Denegación de Servicio porque continue_on_listener_filters_timeout está establecido en True, un problema relacionado con CVE-2019-18836. • https://github.com/istio/istio/issues/18229 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2019-18836
https://notcve.org/view.php?id=CVE-2019-18836
11 Nov 2019 — Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used." Envoy versión 1.12.0 permite una denegación de servicio remota debido a bucles de recursos, como es demostrado por una conexión TCP inactiva que es capaz de mantener un subproceso o hilo de trabajo en un bucle ocupado infinito cuando la función continue_on_listener_filters_time... • https://blog.envoyproxy.io • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •