An authorization bypass vulnerability was found in istio/istio. The case insensitive host comparison incorrectly works when evaluating rules specified with `host` or `notHost`. This flaw allows an malicious user to bypass an Istio authorization policy that uses hosts in the rules, potentially gaining access to the downstream services. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
istio istio |