Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-21378

No description is available for this CVE.

Source

Description

No description is available for this CVE.

Statement

Only version 1.9.0 of upstream Istio is affected by the vulnerability. As such even tho OpenShift ServiceMesh (OSSM) does package Istio, it is only v1.6.14 and hence is not affected.

Mitigation

For Istio specifically, please see the mitigation documented upstream: https://istio.io/latest/news/security/istio-security-2021-001/#mitigation

Additional Information

Bugzilla 1933681: CVE-2021-21378 envoyproxy/envoy: JWT validation bypass when allow_missing is used
CWE-287: Improper Authentication
FAQ: Frequently asked questions about CVE-2021-21378

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-21378

Description

Statement

Mitigation

Additional Information

Vulmon Search

About

Products

Connect