CVE-2020-8595 – istio: unauthorised access to JWT protected HTTP path
https://notcve.org/view.php?id=CVE-2020-8595
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allow authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be accessed only after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match.
• https://access.redhat.com/errata/RHSA-2020:0477 https://access.redhat.com/security/cve/cve-2020-8595 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-8595 https://github.com/istio/istio/commits/master https://istio.io/news/security https://istio.io/news/security/istio-security-2020-001 https://access.redhat.com/security/cve/CVE-2020-8595 https://bugzilla.redhat.com/show_bug.cgi?id=1798247
• CWE-285: Improper Authorization CWE-287: Improper Authentication
CVE-2019-18817
https://notcve.org/view.php?id=CVE-2019-18817
Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
• https://github.com/istio/istio/issues/18229 https://istio.io/news/2019/announcing-1.3.5
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-18836
https://notcve.org/view.php?id=CVE-2019-18836
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used.
• https://blog.envoyproxy.io https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46 https://github.com/istio/istio/issues/18229 https://groups.google.com/forum/#%21forum/envoy-users
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-14993
https://notcve.org/view.php?id=CVE-2019-14993
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.
• https://discuss.istio.io/t/upcoming-security-updates-in-istio-1-2-4-and-1-1-13/3383 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86164 https://github.com/envoyproxy/envoy/issues/7728 https://istio.io/blog/2019/istio-security-003-004
• CWE-185: Incorrect Regular Expression
CVE-2019-12995
https://notcve.org/view.php?id=CVE-2019-12995
Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault.
• https://github.com/istio/istio.io/pull/4555 https://github.com/istio/istio/issues/15084 https://istio.io/about/notes
• CWE-476: NULL Pointer Dereference