CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39388 – Istio may allow identity impersonation if user has localhost access
https://notcve.org/view.php?id=CVE-2022-39388
10 Nov 2022 — Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds. Istio es una plataforma abierta para conectar, administrar y proteger microservicios. • https://github.com/istio/istio/commit/346260e5115e9fbc65ba8a559bc686e6ca046a32 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39278 – Istio vulnerable to denial of service attack due to Golang Regex Library
https://notcve.org/view.php?id=CVE-2022-39278
13 Oct 2022 — Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but do... • https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w • CWE-400: Uncontrolled Resource Consumption •