Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31920 | 1 Istio | 1 Istio | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used. | |||||
| CVE-2019-25014 | 2 Istio, Redhat | 2 Istio, Openshift Service Mesh | 2021-02-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application). | |||||
| CVE-2020-16844 | 1 Istio | 1 Istio | 2020-10-15 | 4.9 MEDIUM | 6.8 MEDIUM |
| In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy. | |||||