Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIstio
APPIstio< 1.8.61.9.0 – 1.9.5 (bez)
Related vulnerabilities
Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a...
Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior...
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and t...
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed header...
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control...