Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift service mesh vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-3495
An incorrect access control flaw was found in the kiali-operator in versions prior to 1.33.0 and prior to 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in...
Netlify Kiali-operator
Redhat Openshift Service Mesh 1.0
Redhat Openshift Service Mesh 2.0
7.8
CVSSv3
CVE-2020-1704
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) prior to 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd an...
Redhat Openshift Service Mesh
8.3
CVSSv3
CVE-2019-9900
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorize...
Envoyproxy Envoy
Redhat Openshift Service Mesh -
1 Github repository
9.8
CVSSv3
CVE-2021-3586
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and...
Redhat Openshift Service Mesh 2.0
Redhat Servicemesh-operator 2.0.5.1
8.6
CVSSv3
CVE-2020-1762
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to vi...
Kiali Kiali
Redhat Openshift Service Mesh 1.0
8.6
CVSSv3
CVE-2020-1764
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions before 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges t...
Kiali Kiali
Redhat Openshift Service Mesh 1.0
1 Github repository
7.5
CVSSv3
CVE-2020-8661
CNCF Envoy up to and including 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
Cncf Envoy
Redhat Openshift Service Mesh 1.0.9
4.3
CVSSv3
CVE-2022-3962
A content spoofing vulnerability was found in Kiali. It exists that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an malicious user to perform arbitrary text injection when an error response is retrieved from t...
Kiali Kiali -
Redhat Openshift Service Mesh 2.3.1
7.3
CVSSv3
CVE-2020-8595
Istio versions 1.2.10 (End of Life) and prior, 1.3 up to and including 1.3.7, and 1.4 up to and including 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only acc...
Istio Istio
Redhat Openshift Service Mesh 1.0
6.5
CVSSv3
CVE-2019-25014
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot prior to 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to t...
Istio Istio
Redhat Openshift Service Mesh 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »