Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
istio istio vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-18836
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."
Envoyproxy Envoy 1.12.0
Istio Istio
6.5
CVSSv2
CVE-2020-14306
An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions up to and including 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially ga...
Istio-operator Project Istio-operator
7.5
CVSSv2
CVE-2020-8595
Istio versions 1.2.10 (End of Life) and prior, 1.3 up to and including 1.3.7, and 1.4 up to and including 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only acc...
Istio Istio
Redhat Openshift Service Mesh 1.0
4
CVSSv2
CVE-2019-25014
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot prior to 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to t...
Istio Istio
Redhat Openshift Service Mesh 1.0
7.5
CVSSv2
CVE-2019-9900
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorize...
Envoyproxy Envoy
Redhat Openshift Service Mesh -
1 Github repository
7.5
CVSSv2
CVE-2019-9901
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond ...
Envoyproxy Envoy
1 Github repository
4.6
CVSSv2
CVE-2020-1704
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) prior to 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd an...
Redhat Openshift Service Mesh
7.5
CVSSv2
CVE-2020-1764
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions before 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges t...
Kiali Kiali
Redhat Openshift Service Mesh 1.0
1 Github repository
7.5
CVSSv2
CVE-2020-1762
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to vi...
Kiali Kiali
Redhat Openshift Service Mesh 1.0
5
CVSSv2
CVE-2021-29258
An issue exists in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
Envoyproxy Envoy 1.17.1
Envoyproxy Envoy 1.16.2
Envoyproxy Envoy 1.15.3
Envoyproxy Envoy 1.14.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »