CVE-2021-39155

2021-08-24T22:15:06
ID RH:CVE-2021-39155
Type redhatcve
Reporter redhat.com
Modified 2021-09-01T10:02:44

Description

An authorization bypass vulnerability was found in istio/istio. The case insensitive host comparison incorrectly works when evaluating rules specified with host or notHost. This flaw allows an attacker to bypass an Istio authorization policy that uses hosts in the rules, potentially gaining access to the downstream services. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.