Vulmon
istio istio vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-31045
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an ...
Istio Istio 1.14.0
Istio Istio
9.8
CVSSv3
CVE-2022-21679
Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 the authorization policy with hosts and notHosts might be accidentally bypassed for ALLOW action or rejected unexpectedly for DENY action during the upgrade from 1.11 to 1.12.0/1.12...
Istio Istio 1.12.0
Istio Istio 1.12.1
8.8
CVSSv3
CVE-2022-21701
Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gateways.gateway.networking.k8s.io` objects can escalate this privilege to create ot...
Istio Istio 1.12.0
Istio Istio 1.12.1
7.5
CVSSv3
CVE-2019-12243
Istio 1.1.x up to and including 1.1.6 has Incorrect Access Control.
Istio Istio
7.4
CVSSv3
CVE-2020-8843
An issue exists in Istio 1.3 up to and including 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selecti...
Istio Istio
6.8
CVSSv3
CVE-2020-16844
In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 up to and including 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the i...
Istio Istio
6.5
CVSSv3
CVE-2021-31920
Istio prior to 1.8.6 and 1.9.x prior to 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
Istio Istio
7.5
CVSSv3
CVE-2022-24726
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crash...
Istio Istio
7.5
CVSSv3
CVE-2019-12995
Istio prior to 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault.
Istio Istio
7.5
CVSSv3
CVE-2020-10739
Istio 1.4.x prior to 1.4.9 and Istio 1.5.x prior to 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingres...
Istio Istio