AVG-1947 log

Package: istio
Status: Fixed
Severity: Critical
Type: multiple issues
Affected: 1.9.2-1
Fixed: 1.10.0-1
Current: 1.24.2-1 [extra]
Ticket: FS#70808
Created: Wed May 12 07:22:18 2021

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-31921 | Critical | Yes | Authentication bypass | Istio before version 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing... |
| CVE-2021-31920 | High | Yes | Authentication bypass | Istio before version 1.9.5 contains a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F... |
| CVE-2021-29492 | High | Yes | Authentication bypass | Envoy before version 1.18.3, and subsequently Istio before version 1.9.5, contains a remotely exploitable authorization bypass vulnerability. An attacker... |
| CVE-2021-29258 | High | Yes | Denial of service | Envoy before version 1.18.0, and subsequently Istio before version 1.9.3, contains a remotely exploitable vulnerability where an HTTP2 request with an empty... |
| CVE-2021-28683 | High | Yes | Denial of service | Envoy before version 1.18.0, and subsequently Istio before version 1.9.3, contains a remotely exploitable NULL pointer dereference and crash in TLS when an... |
| CVE-2021-28682 | High | Yes | Arbitrary code execution | Envoy before version 1.18.0, and subsequently Istio before version 1.9.3, contains a remotely exploitable integer overflow in which a very large... |