Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
istio istio vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-31045
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an ...
Istio Istio 1.14.0
Istio Istio
6
CVSSv2
CVE-2022-21701
Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gateways.gateway.networking.k8s.io` objects can escalate this privilege to create ot...
Istio Istio 1.12.0
Istio Istio 1.12.1
7.5
CVSSv2
CVE-2022-21679
Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 The authorization policy with hosts and notHosts might be accidentally bypassed for ALLOW action or rejected unexpectedly for DENY action during the upgrade from 1.11 to 1.12.0/1.12...
Istio Istio 1.12.0
Istio Istio 1.12.1
5
CVSSv2
CVE-2019-18817
Istio 1.3.x prior to 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
Istio Istio
4.9
CVSSv2
CVE-2020-16844
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 up to and including 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the i...
Istio Istio
5
CVSSv2
CVE-2021-39155
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy sho...
Istio Istio
5
CVSSv2
CVE-2020-10739
Istio 1.4.x prior to 1.4.9 and Istio 1.5.x prior to 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingres...
Istio Istio
4
CVSSv2
CVE-2021-31920
Istio prior to 1.8.6 and 1.9.x prior to 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
Istio Istio
6.8
CVSSv2
CVE-2021-31921
Istio prior to 1.8.6 and 1.9.x prior to 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.
Istio Istio
6.5
CVSSv2
CVE-2021-34824
Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.
Istio Istio
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »