RHSA-2019:0741 Red Hat Security Advisory: Istio-Proxy Security Update

Bulletin has no description...

CVE-2020-8843

CVE-2020-8843 affects Istio 1.3–1.3.6. The issue lets an attacker bypass a configured Mixer policy by abusing the x-istio-attributes header at ingress; exploitation requires encoding a source.uid in the header, which influences policy decisions when Mixer policy applies to ingress source. The vul...

Authentication Bypass

github.com/istio/proxy is vulnerable to authentication bypass. The vulnerability exists as the Authentication Policy's exact-path matching logic allows unauthorized access to HTTP paths using an invalid JWT token...

RHEL 7 : openshift (RHSA-2019:0741)

An update for Istio-Proxy is now available for Red Hat OpenShift Service Mesh Tech Preview 0.9.0. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

Important: Red Hat Security Advisory: Istio-Proxy Security Update

An update for Istio-Proxy is now available for Red Hat OpenShift Service Mesh Tech Preview 0.9.0. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...