CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10739 – istio/envoy: crafted packet allows remote attacker to cause denial of service
https://notcve.org/view.php?id=CVE-2020-10739
Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service. Istio versiones 1.4.x anteriores a 1.4.9 e Istio versiones 1.5.x anteriores a 1.5.4, contienen la siguiente vulnerabilidad cuando se habilita la telemetry v2: al enviar un paquete especialmente diseñado, un atacante podría desencadenar una Excepción de Puntero Null resultando en una Denegación de Servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10739 https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153#diff-fcf2cf5dd389b5285f882ba4a8708633 https://istio.io/news/security/istio-security-2020-005 https://access.redhat.com/security/cve/CVE-2020-10739 https://bugzilla.redhat.com/show_bug.cgi?id=1833184 • CWE-476: NULL Pointer Dereference •
CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-11767
https://notcve.org/view.php?id=CVE-2020-11767
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (for abc.example.com) recycles the TCP connection to the forward proxy, the victim's browser may suddenly start sending sensitive data to a *.example.com server. • https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5 https://github.com/envoyproxy/envoy/issues/6767 https://github.com/istio/istio/issues/13589 https://github.com/istio/istio/issues/9429 •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8843
https://notcve.org/view.php?id=CVE-2020-8843
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4. • https://github.com/istio/istio/commits/master https://istio.io/news/security https://istio.io/news/security/istio-security-2020-002 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8595 – istio: unauthorised access to JWT protected HTTP path
https://notcve.org/view.php?id=CVE-2020-8595
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. Las versiones Istio 1.2.10 (End of Life) y anteriores, 1.3 a 1.3.7, y 1.4 a 1.4.3 permiten la omisión de autenticación. • https://access.redhat.com/errata/RHSA-2020:0477 https://access.redhat.com/security/cve/cve-2020-8595 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-8595 https://github.com/istio/istio/commits/master https://istio.io/news/security https://istio.io/news/security/istio-security-2020-001 https://access.redhat.com/security/cve/CVE-2020-8595 https://bugzilla.redhat.com/show_bug.cgi?id=1798247 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18817
https://notcve.org/view.php?id=CVE-2019-18817
Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. Istio versiones 1.3.x anteriores a 1.3.5, permite una Denegación de Servicio porque continue_on_listener_filters_timeout está establecido en True, un problema relacionado con CVE-2019-18836. • https://github.com/istio/istio/issues/18229 https://istio.io/news/2019/announcing-1.3.5 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •