18 matches found
CVE-2026-31838
CVE-2026-31838 describes a vulnerability in Istio in which Envoy's RBAC header matching could be bypassed by authorization policies that rely on HTTP headers carrying multiple values. Affected are Istio deployments using Envoy before versions 1.29.1, 1.28.5, or 1.27.8. An attacker could craft requests with mul...
CVE-2019-12995
Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwtauthenticator.cc segmentation fault...
EUVD-2019-4570
Malware in sbrugna...
EUVD-2020-29685
Malware in sbrugna...
EUVD-2021-21471
Malware in sbrugna...
EUVD-2021-18794
Malware in sbrugna...
EUVD-2022-0899
Malicious code in bioql PyPI...
EUVD-2022-29579
Malicious code in bioql PyPI...
CVE-2020-8843
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a...
Improper Access Control
github.com/istio/istio is vulnerable to improper access control due to the isTrustedAddress function of xfccauthenticator.go. An attacker with access to the localhost Istiod control plane can impersonate any workload identity within the service mesh...
CVE-2022-39278 Istio vulnerable to denial of service attack due to Golang Regex Library
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...
Oracle Linux 7 / 8 : olcne / istio / istio (ELSA-2022-9362)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9362 advisory: it addresses CVE-2022-24726 and CVE-2022-24921 in istio. Tenable has extracted the preceding description block directly from the Oracle Linux security...
Vulnerability in Istio
Istio 1.1.x through 1.1.6 has Incorrect Access Control...
Privilege Escalation
Istio is vulnerable to privilege escalation. The vulnerability exists because the hostname in the HTTP Host header is compared case-sensitively when authorizing requests, although the proxy routes on it case-insensitively...
Privilege Escalation
github.com/istio/istio is vulnerable to privilege escalation. The authorization policy compares the hostname in the HTTP Host header case-sensitively, while the Envoy proxy routes on the request hostname case-insensitively; a request whose Host header differs from the policy's host only in case therefore reaches the backend without matching the rule, allowing an attacker to bypass the authorization policy...
istio/istio: HTTP request with fragment in URI can bypass authorization mechanisms
An authorization bypass vulnerability was found in istio/istio. An HTTP request is incorrectly evaluated when a URI fragment is specified. This flaw allows an attacker to bypass an Istio URI-based authorization rule. The highest threat from this vulnerability is to confidentiality, integrity, as...
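The host-case entry above and the URI-fragment entry here are the same class of bug: the policy engine compares raw wire values while the proxy routes on a canonicalized view of them. The following Go example is added here to illustrate that gap; it is not Istio's or Envoy's code. It models a minimal allow rule with `hosts`/`notHosts`/`paths`/`notPaths` lists, evaluates it once against the raw request and once after canonicalization (lowercased host, fragment stripped), and, as an assumption extending the x-istio-attributes entry earlier in the list, drops that mesh-internal header when a request comes in through ingress. The `Request`, `Rule` and sample policy are constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Request models the request fields an L7 authorization rule inspects.
// Constructed for this example; not Istio's or Envoy's data model.
type Request struct {
	Host    string            // Host / :authority value as sent on the wire
	RawPath string            // request-target as sent; may carry a "#fragment"
	Headers map[string]string // other headers, single-valued for simplicity
}

// Rule is a simplified allow rule: every non-empty positive list must match
// and no negative list may match. Loosely modelled on AuthorizationPolicy.
type Rule struct {
	Hosts, NotHosts []string
	Paths, NotPaths []string
}

func contains(set []string, v string) bool {
	for _, s := range set {
		if s == v {
			return true
		}
	}
	return false
}

func lower(in []string) []string {
	out := make([]string, len(in))
	for i, s := range in {
		out[i] = strings.ToLower(s)
	}
	return out
}

// evaluate is the shared matching core; the two callers below differ only in
// whether they canonicalize the request (and the rule's hosts) first.
func evaluate(r Rule, host, path string) bool {
	if len(r.Hosts) > 0 && !contains(r.Hosts, host) {
		return false
	}
	if contains(r.NotHosts, host) {
		return false
	}
	if len(r.Paths) > 0 && !contains(r.Paths, path) {
		return false
	}
	return !contains(r.NotPaths, path)
}

// naiveAllow compares the raw wire values byte-for-byte. The proxy routes
// hostnames case-insensitively and ignores the fragment, so "ADMIN.example.com"
// and "/admin#x" reach the same backend as the rule entries they fail to match.
func naiveAllow(r Rule, req Request) bool {
	return evaluate(r, req.Host, req.RawPath)
}

// normalize canonicalizes the request before policy evaluation: lowercase the
// hostname, drop everything from the first '#' on, lowercase header names, and
// (assumption: ingress is the trust boundary for it) discard the mesh-internal
// x-istio-attributes header on requests that arrived from outside the mesh.
func normalize(req Request, fromIngress bool) Request {
	out := Request{Host: strings.ToLower(req.Host), RawPath: req.RawPath, Headers: map[string]string{}}
	if i := strings.IndexByte(out.RawPath, '#'); i >= 0 {
		out.RawPath = out.RawPath[:i]
	}
	for k, v := range req.Headers {
		k = strings.ToLower(k)
		if fromIngress && k == "x-istio-attributes" {
			continue
		}
		out.Headers[k] = v
	}
	return out
}

// hardenedAllow canonicalizes the rule's host entries and the request, then
// evaluates, so case and fragment tricks no longer change the outcome.
func hardenedAllow(r Rule, req Request, fromIngress bool) bool {
	canon := Rule{Hosts: lower(r.Hosts), NotHosts: lower(r.NotHosts), Paths: r.Paths, NotPaths: r.NotPaths}
	n := normalize(req, fromIngress)
	return evaluate(canon, n.Host, n.RawPath)
}

func main() {
	// Constructed sample policy: keep traffic off the admin vhost and /admin.
	rule := Rule{NotHosts: []string{"admin.example.com"}, NotPaths: []string{"/admin"}}
	probes := []Request{
		{Host: "admin.example.com", RawPath: "/admin"},
		{Host: "ADMIN.Example.COM", RawPath: "/"},       // host-case probe
		{Host: "www.example.com", RawPath: "/admin#top"}, // fragment probe
	}
	for _, p := range probes {
		fmt.Printf("%-18s %-12s naive=%-5v hardened=%v\n",
			p.Host, p.RawPath, naiveAllow(rule, p), hardenedAllow(rule, p, true))
	}
}
```

Running it shows the first probe denied by both evaluators and the two crafted probes allowed only by the naive one. The practical lesson is that the canonical form the policy engine matches on must be the one the router acts on; the comparison itself was never the bug, the divergence was.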
detect-character-encoding security vulnerability
detect-character-encoding is an open source C++ plugin. A security vulnerability exists in detect-character-encoding, which stems from an authorization bypass vulnerability found in istio/istio. Case-insensitive host comparisons were incorrect when computing rules specified with host or notHost...
PT-2021-22413 · Istio · Istio
Name of the vulnerable software and affected versions: Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below (that is, Istio versions prior to 1.11.1, 1.10.4, and 1.9.8). Description: Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across...