Published: 27/05/2021 Updated: 12/07/2022

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Istio prior to 1.8.6 and 1.9.x prior to 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.

Vulnerable Product	Search on Vulmon	Subscribe to Product
istio istio

An authorization bypass flaw was found in Istio This flaw allows an attacker to craft an HTTP request that defines a certain pattern of escaped characters in the URI path (such as %2F, %2f, %5C, or %5c), allowing them to bypass the authorization service The highest threat from this vulnerability is to data confidentiality and integrity as well as ...

Istio before version 195 contains a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used ...

CWE-706 https://istio.io/latest/news/security/istio-security-2021-005/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2021-31920

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-31920

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect