Log

CVE-2021-32780 edited at 25 Aug 2021 10:18:35
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability where an untrusted upstream service could cause Envoy to terminate abnormally by sending the GOAWAY frame followed by the SETTINGS frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. See CVE-2021-32780 for more information.
References
+ https://istio.io/latest/news/security/istio-security-2021-008/#cve-2021-32780
CVE-2021-32778 edited at 25 Aug 2021 10:17:56
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability where an Envoy client opening and then resetting a large number of HTTP/2 requests could lead to excessive CPU consumption. See CVE-2021-32778 for for information.
References
+ https://istio.io/latest/news/security/istio-security-2021-008/#cve-2021-32778
CVE-2021-32777 edited at 25 Aug 2021 10:17:22
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability that an HTTP request with multiple value headers could do an incomplete authorization policy check when the ext_authz extension is used. When a request header contains multiple values, the external authorization server will only see the last value of the given header. See CVE-2021-32777 for more information.
References
+ https://istio.io/latest/news/security/istio-security-2021-008/#cve-2021-32777
AVG-2321 edited at 25 Aug 2021 10:15:50
Issues
+ CVE-2021-32777
+ CVE-2021-32778
+ CVE-2021-32780
+ CVE-2021-32781
CVE-2021-39155
CVE-2021-39156
CVE-2021-32778 created at 25 Aug 2021 10:15:50
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2321 edited at 25 Aug 2021 10:15:50
Issues
+ CVE-2021-32777
+ CVE-2021-32778
+ CVE-2021-32780
+ CVE-2021-32781
CVE-2021-39155
CVE-2021-39156
CVE-2021-32780 created at 25 Aug 2021 10:15:50
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2321 edited at 25 Aug 2021 10:15:50
Issues
+ CVE-2021-32777
+ CVE-2021-32778
+ CVE-2021-32780
+ CVE-2021-32781
CVE-2021-39155
CVE-2021-39156
CVE-2021-32781 created at 25 Aug 2021 10:15:50
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2321 edited at 25 Aug 2021 10:15:50
Issues
+ CVE-2021-32777
+ CVE-2021-32778
+ CVE-2021-32780
+ CVE-2021-32781
CVE-2021-39155
CVE-2021-39156
CVE-2021-32777 created at 25 Aug 2021 10:15:50
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
CVE-2021-39155 edited at 25 Aug 2021 10:14:57
References
https://github.com/istio/istio/security/advisories/GHSA-7774-7vr3-cc8j
+ https://istio.io/latest/news/security/istio-security-2021-008/#cve-2021-39155
https://github.com/istio/istio/commit/90b00bdf891e6c770cb3235c14a9b1fda96cc7c5
CVE-2021-39156 edited at 25 Aug 2021 10:14:22
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ Istio before version 1.11.1 contains a remotely exploitable vulnerability where an HTTP request with #fragment in the path may bypass Istio's URI path based authorization policies.
+
+ For instance, an Istio authorization policy denies requests sent to the URI path /user/profile. In the vulnerable versions, a request with URI path /user/profile#section1 bypasses the deny policy and routes to the backend (with the normalized URI path /user/profile%23section1), possibly leading to a security incident.
References
+ https://github.com/istio/istio/security/advisories/GHSA-hqxw-mm44-gc4r
+ https://istio.io/latest/news/security/istio-security-2021-008/#cve-2021-39156-cve-2021-32779
+ https://github.com/istio/istio/commit/90b00bdf891e6c770cb3235c14a9b1fda96cc7c5
Notes
AVG-2321 edited at 25 Aug 2021 10:11:05
Severity
- Unknown
+ High
CVE-2021-39155 edited at 25 Aug 2021 10:11:05
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ A security issue has been found in Istio before version 1.11.1. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The proxy will route the request hostname in a case-insensitive way which means the authorization policy could be bypassed.
+
+ As an example, the user may have an authorization policy that rejects request with hostname "httpbin.foo" for some source IPs, but the attacker can bypass this by sending the request with hostname "Httpbin.Foo".
References
+ https://github.com/istio/istio/security/advisories/GHSA-7774-7vr3-cc8j
+ https://github.com/istio/istio/commit/90b00bdf891e6c770cb3235c14a9b1fda96cc7c5
Notes