3 matches found
CVE-2020-8843
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a...
CVE-2020-8843
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a...
CVE-2020-8843
CVE-2020-8843 affects Istio 1.3–1.3.6. The issue lets an attacker bypass a configured Mixer policy by abusing the x-istio-attributes header at ingress; exploitation requires encoding a source.uid in the header, which influences policy decisions when Mixer policy applies to ingress source. The vul...