Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
istio istio vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-31045
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an ...
Istio Istio 1.14.0
Istio Istio
8.8
CVSSv3
CVE-2022-21701
Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gateways.gateway.networking.k8s.io` objects can escalate this privilege to create ot...
Istio Istio 1.12.0
Istio Istio 1.12.1
9.8
CVSSv3
CVE-2022-21679
Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 The authorization policy with hosts and notHosts might be accidentally bypassed for ALLOW action or rejected unexpectedly for DENY action during the upgrade from 1.11 to 1.12.0/1.12...
Istio Istio 1.12.0
Istio Istio 1.12.1
6.5
CVSSv3
CVE-2021-31920
Istio prior to 1.8.6 and 1.9.x prior to 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
Istio Istio
9.8
CVSSv3
CVE-2021-31921
Istio prior to 1.8.6 and 1.9.x prior to 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.
Istio Istio
7.5
CVSSv3
CVE-2019-12995
Istio prior to 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault.
Istio Istio
7.5
CVSSv3
CVE-2019-12243
Istio 1.1.x up to and including 1.1.6 has Incorrect Access Control.
Istio Istio
7.5
CVSSv3
CVE-2019-18817
Istio 1.3.x prior to 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
Istio Istio
7.5
CVSSv3
CVE-2021-39155
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy sho...
Istio Istio
7.5
CVSSv3
CVE-2022-23635
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane cra...
Istio Istio
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »