In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 up to and including 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
istio istio |