istio

Link: package | bugs open | bugs closed | Wiki | GitHub | web search
Description: Istio configuration command line utility for service operators to debug and diagnose their Istio mesh.
Version: 1.9.1-2 [community]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1947 | 1.9.1-2 | | Critical | Vulnerable | FS#70808 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-31921 | AVG-1947 | Critical | Yes | Authentication bypass | Istio before version 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing... |
| CVE-2021-31920 | AVG-1947 | High | Yes | Authentication bypass | Istio before version 1.9.5 contains a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F... |
| CVE-2021-29492 | AVG-1947 | High | Yes | Authentication bypass | Envoy before version 1.18.3, and subsequently Istio before version 1.9.5, contains a remotely exploitable authorization bypass vulnerability. An attacker... |
| CVE-2021-29258 | AVG-1947 | High | Yes | Denial of service | Envoy before version 1.18.0, and subsequently Istio before version 1.9.3, contains a remotely exploitable vulnerability where an HTTP2 request with an empty... |
| CVE-2021-28683 | AVG-1947 | High | Yes | Denial of service | Envoy before version 1.18.0, and subsequently Istio before version 1.9.3, contains a remotely exploitable NULL pointer dereference and crash in TLS when an... |
| CVE-2021-28682 | AVG-1947 | High | Yes | Arbitrary code execution | Envoy before version 1.18.0, and subsequently Istio before version 1.9.3, contains a remotely exploitable integer overflow in which a very large... |