Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-31921 - log back

CVE-2021-31921 edited at 12 May 2021 07:28:28

Severity

-	Unknown
+	Critical

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Authentication bypass

Description

+	Istio before version 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.

References

+	https://istio.io/latest/news/security/istio-security-2021-006/
+	https://github.com/istio/istio/commit/04d2c8b72be1d9ebae5d6e06c41ba2ae3d3d54b4

Notes

CVE-2021-31921 created at 12 May 2021 07:22:18