Lucene search
K

41 matches found

NVD
NVD
added 2026/05/07 6:16 a.m.23 views

CVE-2026-41413

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

7.7CVSS0.00329EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/07 4:18 a.m.38 views

CVE-2026-41413 Istio Vulnerable to SSRF via RequestAuthentication jwksUri

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

5CVSS0.00329EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/07 4:18 a.m.10 views

CVE-2026-41413

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

5CVSS5.7AI score0.00329EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/07 4:18 a.m.16 views

EUVD-2026-28315

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

5CVSS5.7AI score0.00329EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Istio 代码问题漏洞

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.6 and 1.29.2 have code vulnerabilities. These vulnerabilities arise when creating a RequestAuthentication resource that points to an internal service’s jwksUri, and Istio does not...

7.7CVSS5.9AI score0.00329EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 9:58 p.m.8 views

EUVD-2026-10939

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...

6.9CVSS5.8AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 9:58 p.m.23 views

CVE-2026-31838

CVE-2026-31838 describes a vulnerability in Istio where an Envoy RBAC header matching could bypass authorization when policies rely on HTTP headers with multiple values. Affected are Istio deployments using Envoy before versions 1.29.1, 1.28.5, or 1.27.8. An attacker could craft requests with mul...

6.9CVSS5.8AI score0.00214EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:57 p.m.4 views

CVE-2026-31837

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This...

8.7CVSS5.8AI score0.00378EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.6 views

Istio 信息泄露漏洞

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.29.1, 1.28.5, and 1.27.8 have a vulnerability related to information leakage. This vulnerability arises from the JWKS resolver being unavailable or failing to retrieve values, exposin...

8.7CVSS7.3AI score0.00378EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/15 7:18 p.m.18 views

CVE-2026-23766

...

0.00036EPSS
Exploits0
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.4 views

Istio parameter injection vulnerability

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.2 have a parameter injection vulnerability. This vulnerability stems from the ability to inject iptables rules through annotations, thereby changing the firewall’s behavior...

5.8AI score0.00036EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.5 views

CVE-2019-12995

Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwtauthenticator.cc segmentation fault...

7.5CVSS6.8AI score0.02193EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-3162

Malware in sbrugna...

7.5CVSS7.4AI score0.02331EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-21471

Malware in sbrugna...

8.8CVSS8.5AI score0.01972EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-29685

Malware in sbrugna...

7.4CVSS7.5AI score0.01065EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18794

Malware in sbrugna...

9.8CVSS9.1AI score0.01454EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-4570

Malware in sbrugna...

7.5CVSS7.6AI score0.02193EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0899

Malicious code in bioql PyPI...

6.8CVSS6.5AI score0.011EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-5336

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.01214EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2845

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.01174EPSS
Exploits1References7
Rows per page
Query Builder