Lucene search

5 matches found

NVD
added 2026/03/10 10:16 p.m., 7 views

CVE-2026-31838

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...

CVSS 6.9, EPSS 0.00214
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/10 9:58 p.m., 2 views

CVE-2026-31838

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...

CVSS 6.9, AI score 5.8, EPSS 0.00214
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/03/10 9:57 p.m., 1 views

CVE-2026-31837 Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fails.

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This...

CVSS 8.7, AI score 5.8, EPSS 0.00378
Exploits: 0, References: 1
OSV
added 2026/03/10 9:57 p.m., 4 views

CVE-2026-31837 Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fails.

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This...

CVSS 8.7, AI score 5.8, EPSS 0.00378
Exploits: 0, References: 3
CNVD
added 2020/04/15 12:0 a.m., 3 views

Envoy and Istio Information Disclosure Vulnerabilities

Envoy is an open source distributed proxy server. Istio is an open platform for connecting, managing and securing microservices. An information disclosure vulnerability exists in Istio 1.5.1 and earlier versions and Envoy 1.14.1 and earlier versions. An attacker can exploit the vulnerability to...

CVSS 3.1, AI score 6.2, EPSS 0.01774
Exploits: 1