CVE-2021-39156

Published: 24/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An authorization bypass vulnerability was found in istio/istio. An HTTP request is incorrectly evaluated when a URI #fragment is specified. This flaw allows a malicious user to bypass an Istio URI-based authorization rule. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Vulnerable Product

istio istio

Vendor Advisories

An authorization bypass vulnerability was found in istio/istio. An HTTP request is incorrectly evaluated when a URI #fragment is specified. This flaw allows an attacker to bypass an Istio URI-based authorization rule. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability ...
Istio before version 1.11.1 contains a remotely exploitable vulnerability where an HTTP request with #fragment in the path may bypass Istio's URI path based authorization policies. For instance, an Istio authorization policy denies requests sent to the URI path /user/profile. In the vulnerable versions, a request with URI path /user/profile#sectio ...