
19 matches found

CNNVD
added 2022/11/10 12:0 a.m. | 1 view

Istio Security Vulnerability

Istio is a set of open platforms for connecting, managing and securing microservices. A security vulnerability exists in Istio 1.15.x versions prior to 1.15.3, which stems from the fact that a user with localhost access to the Istiod control plane can emulate any workload...

CVSS 7.6 | AI score 6 | EPSS 0.00057
Exploits 0 | References 6
Github Security Blog
added 2022/11/09 10:7 p.m. | 28 views

Istio may allow identity impersonation if user has localhost access

Impact: User can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Patches: 1.15.3. Workarounds: No. If using 1.15.2 please upgrade to 1.15.3 or later. References: None at this time. For more information: If you have any questions or...

CVSS 7.6 | AI score 4.7 | EPSS 0.00057
Exploits 0 | References 6 | Affected Software 1
Positive Technologies
added 2022/11/09 12:0 a.m. | 2 views

PT-2022-24947 · Istio · Istio

Name of the Vulnerable Software and Affected Versions: Istio versions 1.15.x prior to 1.15.3 Description: A user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Recommendations: For versions prior to 1.15.3, upgrade to versi...

CVSS 7.6 | AI score 4.8 | EPSS 0.00057
Exploits 0 | References 10
Prion
added 2022/10/13 11:15 p.m. | 7 views

Design/Logic Flaw

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...

CVSS 5 | AI score 7.5 | EPSS 0.0072
Exploits 0 | References 4 | Affected Software 1
CVE
added 2022/10/13 12:0 a.m. | 376 views

CVE-2022-39278

CVE-2022-39278 affects Istio across multiple releases (notably Istio 1.15.2, 1.14.5, 1.13.9) where the control plane istiod is vulnerable to a request-processing error caused by an inefficient Go regexp.Compile, leading to a crash when a specially crafted or oversized message is sent to the publi...

CVSS 7.5 | AI score 7.5 | EPSS 0.0072
Exploits 0 | References 4 | Affected Software 1
Tenable Nessus
added 2022/05/10 12:0 a.m. | 43 views

Oracle Linux 7 / 8 : olcne / istio / istio (ELSA-2022-9362)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9362 advisory. - Addresses CVE-2022-24726, CVE-2022-24921 istio Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 7.5 | AI score 7.3 | EPSS 0.0041
Exploits 0 | References 3
RedHat Linux
added 2022/04/07 6:2 p.m. | 0 views

istio: unauthenticated control plane denial of service attack

A flaw was found in istio. This flaw allows an attacker to send a specially crafted message to istiod, causing the control plane to crash...

CVSS 7.5 | AI score 5.7 | EPSS 0.00679
Exploits 0 | References 5
NVD
added 2022/03/10 9:15 p.m. | 18 views

CVE-2022-24726

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the...

CVSS 7.5 | EPSS 0.0041
Exploits 0 | References 3
Cvelist
added 2022/03/10 8:45 p.m. | 17 views

CVE-2022-24726 Unauthenticated control plane denial of service attack in Istio

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the...

CVSS 7.5 | AI score 7.9 | EPSS 0.0041
Exploits 0 | References 3
OSV
added 2022/03/10 8:45 p.m. | 24 views

CVE-2022-24726 Unauthenticated control plane denial of service attack in Istio

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the...

CVSS 7.5 | AI score 7.4 | EPSS 0.0041
Exploits 0 | References 5
CVE
added 2022/03/10 8:45 p.m. | 764 views

CVE-2022-24726

The CVE-2022-24726 entry affects Istio’s control plane (istiod) where a request processing error in the validating webhook, exposed publicly on TLS port 15017, can crash the control plane when a specially crafted message is processed. Affected versions have been patched in Istio releases 1.13.2, ...

CVSS 7.5 | AI score 7.6 | EPSS 0.0041
Exploits 0 | References 3 | Affected Software 1
GitLab Advisory Database
added 2022/02/23 12:0 a.m. | 25 views

Improper Authentication

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoin...

CVSS 7.5 | AI score 1 | EPSS 0.00679
Exploits 0 | References 5 | Affected Software 1
Prion
added 2022/02/22 10:15 p.m. | 21 views

Design/Logic Flaw

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoin...

CVSS 5 | AI score 7.5 | EPSS 0.00679
Exploits 0 | References 3 | Affected Software 1
CVE
added 2022/02/22 10:0 p.m. | 997 views

CVE-2022-23635

Technical details for CVE-2022-23635 are not publicly available in the provided connected documents. Monitor for updates; no additional exploit, impact, or remediation details are present in the connected sources.

CVSS 7.5 | AI score 7.5 | EPSS 0.00679
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/02/22 10:0 p.m. | 29 views

CVE-2022-23635 Unauthenticated control plane denial of service attack in Istio

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoin...

CVSS 7.5 | AI score 7.4 | EPSS 0.00679
Exploits 0 | References 5
CNNVD
added 2022/02/22 12:0 a.m. | 1 view

Istio Authorization Issue Vulnerability

Istio is an open platform for connecting, managing and securing microservices. Istio suffers from an authorization issue vulnerability that stems from the Istio control plane "istiod" being susceptible to request processing errors in the affected version. An attacker could use this vulnerability ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00679
Exploits 0 | References 8
RedhatCVE
added 2022/01/25 2:21 p.m. | 29 views

CVE-2022-21701

Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that th...

CVSS 8.8 | AI score 2.9 | EPSS 0.00225
Exploits 0 | References 3
NVD
added 2022/01/19 10:15 p.m. | 8 views

CVE-2022-21701

Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that th...

CVSS 8.8 | EPSS 0.00225
Exploits 0 | References 2
Prion
added 2022/01/19 10:15 p.m. | 7 views

Privilege escalation

Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that th...

CVSS 6 | AI score 8.9 | EPSS 0.00225
Exploits 0 | References 2 | Affected Software 1