2 matches found
CVE-2022-21679 Authorization Policy bypass in Istio
Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 The authorization policy with hosts and notHosts might be accidentally bypassed for ALLOW action or rejected unexpectedly for DENY action during the upgrade from 1.11 to 1.12.0/1.12.1. Istio 1.12...
CVE-2022-21679
Istio 1.12.0/1.12.1 contains a bug in the authorization policy that uses the new Envoy API with the 1.11 data plane. This causes hosts and notHosts in authorization policies to be matched regardless of header values when mixing 1.12 control plane with 1.11 data plane, potentially bypassing ALLOW ...