16 matches found
CVE-2026-39350
A flaw was found in Istio, an open platform designed to connect, manage, and secure microservices. The serviceAccounts and notServiceAccounts fields within Istio's AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. This vulnerability allows an attacker to craft...
GHSA-9GCG-W975-3RJH Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots
Impact The serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. Because . is a valid character in a service account name, an AuthorizationPolicy ALLOW rule targeting SA e.g. cert-manager.io also matches cert-manager-io,...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization due to the serviceAccountRegex matcher in pilot/pkg/security/authz/model/generator.go. An attacker can gain access to workloads protected by AuthorizationPolicy rules by presenting a SPIFFE identity whose namespa...
CVE-2026-39350
CVE-2026-39350 (Istio) : The vulnerability affects Istio AuthorizationPolicy fields serviceAccounts and notServiceAccounts, where a dot (.) is incorrectly treated as a regular expression matcher. As a result, an ALLOW rule targeting a service account such as cert-manager.io can also match similar...
CVE-2026-39350
Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. Because . is...
Istio 安全漏洞
Istio is an open-source platform that connects, manages, and protects microservices. There are security vulnerabilities in versions of Istio prior to 1.27.9, 1.28.6, and 1.29.2. These vulnerabilities stem from incorrect interpretations of point matching in the AuthorizationPolicy, where fields su...
EUVD-2022-0899
Malicious code in bioql PyPI...
GHSA-82MM-FFJR-H86C Authorization bypass in Istio
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy. Specific Go...
Authorization bypass in Istio
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy. Specific Go...
Authorization bypass in Istio
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...
Authorization bypass in Istio
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...
CVE-2020-16844
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...
CVE-2020-16844
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...
Code injection
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...
CVE-2020-16844
CVE-2020-16844 affects Istio 1.5.0–1.5.8 and 1.6.0–1.6.7, where an AuthorizationPolicy with DENY actions using wildcard suffixes (e.g., *-some-suffix) for source principals or namespaces can fail to deny access, bypassing the intended policy. The available connected documents consistently describ...
CVE-2020-16844
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...