CVE-2021-31921 - log back

CVE-2021-31921 edited at 12 May 2021 07:28:28
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Authentication bypass
Description
+ Istio before version 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.
References
+ https://istio.io/latest/news/security/istio-security-2021-006/
+ https://github.com/istio/istio/commit/04d2c8b72be1d9ebae5d6e06c41ba2ae3d3d54b4
Notes
CVE-2021-31921 created at 12 May 2021 07:22:18